If event row contains Sending - use streamstats to get the timestamp from the received row (name it as received_time for example). If event row contains Received - do nothing įor the 1st question - Time difference between A &D, its a bot more complex, but still possible. See, the use of streamstats here to find previous row's value. So all you need to do is get A's time value in B's row and do B-A and the same with C-B Time difference between A & B and B & C - That is sending - received & received reply - sending. Well, what you need to do here is 2 things. so we can always get the total time it took the server to receive request, process and provide reply.Ģ. We want to always calculate the time difference forġ. The transaction ID (tx12345) is unique per transaction but different for another transaction. We have the following log that captures the user, Status (STARTED OR FINISHED), and timestamp. 20180610 00:00:32.416 line#68 TRANSACTION TRACE ĭ. As far as I can tell from how to calculate duration between two events Splunk, one way to do this is to use strptime to convert those time fields into time values and then determine their difference. 08-28-2013 01:04 PM Hello, We are looking at login times and how long it takes a user to login to our Citrix servers. The server receives reply from request sent to remote server and so you will see "Received Reply" in log and time stamp and then lastly, the server sends out response to original request and so you will see "Replying". The server sends out the request in a second event and so you will see "Sending" in the log with timestamp. Posted on Updated on Splunk - Calculate duration between two events Splunk (9 Part Series) 1 Splunk - Calculate duration between two events 2 Useful Splunk search functions. The first event is when the server receives a request and so you will see "Received" in the log with timestamp. I have a use case to calculate time difference between four events.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |