Search | eval EmailID=lower(EmailID) | stats earliest(_time) as E, latest(_time) as L by EmailID | eval duration=L-E | where duration > 0 | where duration < 200 | eval Time=strftime(E, "%m/%d %H:%M") | chart avg(duration) by Time

But this command will return a duration even though the EndEvent has not yet happened. I have not figured out a way to pick the earliest event. The transaction command takes the last Event (before the End Event) by default.

The time stamps in Splunk would still show it as Event A 10:00:21.000 Event B 10:00:21.000. So when I use transaction it would give me 0 as duration. You need to find the duration between events in a transaction. If I use the transaction command I get the duration between GetMember #4 and EndEvent, which is not correct. Suppose Event A is logged at 10:00:21.000 & Event B is logged at 10:00:21:450 in real time. To measure the duration of the transaction I need to take EndEvent - GetMember #1.

I don't fully understand your data, but something like this might work. It will automatically compute a 'duration' field for that transaction that is the number of seconds from the beginning to end.

transactiontype is the name of the transaction (as defined in nf by the transactions. duration contains the duration of the transaction (the difference between the timestamps of the first and last events of the transaction).

Splunk, which was invented back in 2003 to make sense of machine-generated data, has not become a data-to-everything platform for modern-day businesses. Transactions usually include information such as the duration between events and the number of events.

I have the following types of events, all tied together with a unique id.

Splunk Search: Calculate time between two different events

Transactions also have additional data that is stored in the fields: duration and transactiontype. The Splunk transaction command allows Splunk users to locate events that match certain criteria.