Is there a way to search for the time elapsed as an event traverses between different source types?

luckyman80 — Wed, 03 Oct 2018 11:13:50 GMT

Hi ALL,

So i'm working for a manufacturing company and have managed to index all logs (good Start). I have an order number (say Order X150) and when typing in Splunk, i can see all the different source types it traverses. As an example:

Sourcetype1 = Entry Node
Sourcetype2 = Processing Node
Sourcetype3 = Validation Node
Sourcetype4 = Delivery Node

I can see that the order route has 200 events and I want to analyze how long the order takes between each source type (sometimes the journey can go from sourcetype 4 to sourcetype 1 to check something then back to sourcetype4.

What's the best way of getting the latency between all the events in the journey, a kind of way so you can see the full routing history for a given order ? Thanks so much team!

Re: Is there a way to search for the time elapsed as an event traverses between different source types?

493669 — Wed, 03 Oct 2018 11:47:34 GMT

You can group events using the transaction command.

Refer to below docs about use of transaction command-

https://docs.splunk.com/Documentation/Splunk/7.1.2/SearchReference/Transaction

The transaction command adds two fields to the raw events, duration and eventcount. The values in the duration field show the difference between the timestamps for the first and last events in the transaction. The values in the eventcount field show the number of events in the transaction.

topic Is there a way to search for the time elapsed as an event traverses between different source types? in Getting Data In

Is there a way to search for the time elapsed as an event traverses between different source types?

Re: Is there a way to search for the time elapsed as an event traverses between different source types?