topic Re: How to find concurrent run of processes? in Splunk Search https://community.splunk.com/t5/Splunk-Search/How-to-find-concurrent-run-of-processes/m-p/504527#M140893 <P>You can use autoregress.&nbsp;</P><LI-CODE lang="markup">index=abc &lt;jobname&gt; | stats earliest(_time) AS begin, latest(_time) AS end count by source | sort 0 begin | autoregress end as prev_end p=1 | where begin&lt;prev_end | convert ctime(begin), ctime(end) | sort - count</LI-CODE><P>If that doesn't give you what you want, then consider using streamstats to calculate the window</P><P>I am not sure of the relevance of count in your scenario.</P><P>Hope this helps.</P><P>&nbsp;</P> Tue, 16 Jun 2020 03:40:51 GMT bowesmana 2020-06-16T03:40:51Z How to find concurrent run of processes? https://community.splunk.com/t5/Splunk-Search/How-to-find-concurrent-run-of-processes/m-p/503711#M140621 <P>Hi ,&nbsp;</P> <P>I would like to check if there are multiple instances of a job/process running .</P> <P>Ex: My Splunk search : &nbsp;</P> <P>&nbsp;</P> <LI-CODE lang="markup">index=abc &lt;jobname&gt; | stats earliest(_time) AS earliest_time, latest(_time) AS latest_time count by source | convert ctime(earliest_time), ctime(latest_time) | sort - count</LI-CODE> <P>&nbsp;</P> <P>Returns :</P> <P>&nbsp;</P> <LI-CODE lang="markup">source earliest_time latest_time count logA 06/06/2020 15:24:09 06/06/2020 15:24:59 1 logB 06/06/2020 15:24:24 06/06/2020 15:25:12 2</LI-CODE> <P>&nbsp;</P> <P>In the above since logB indicates job run before logA completion time, &nbsp;it is an indication of the concurrent run of the process. I would like to generate a list of all such jobs if it is possible, any help is appreciated.</P> <P>&nbsp;</P> <P>Thank you.&nbsp;</P> Wed, 10 Jun 2020 19:54:11 GMT https://community.splunk.com/t5/Splunk-Search/How-to-find-concurrent-run-of-processes/m-p/503711#M140621 ppatkar 2020-06-10T19:54:11Z Re: How to find concurrent run of processes? https://community.splunk.com/t5/Splunk-Search/How-to-find-concurrent-run-of-processes/m-p/504527#M140893 <P>You can use autoregress.&nbsp;</P><LI-CODE lang="markup">index=abc &lt;jobname&gt; | stats earliest(_time) AS begin, latest(_time) AS end count by source | sort 0 begin | autoregress end as prev_end p=1 | where begin&lt;prev_end | convert ctime(begin), ctime(end) | sort - count</LI-CODE><P>If that doesn't give you what you want, then consider using streamstats to calculate the window</P><P>I am not sure of the relevance of count in your scenario.</P><P>Hope this helps.</P><P>&nbsp;</P> Tue, 16 Jun 2020 03:40:51 GMT https://community.splunk.com/t5/Splunk-Search/How-to-find-concurrent-run-of-processes/m-p/504527#M140893 bowesmana 2020-06-16T03:40:51Z