https://community.splunk.com/t5/Splunk-Search/time-difference-between-two-events/m-p/95598#M182470 <P>If you want to use transaction, create a transaction that starts with the first event and ends with the second. The <CODE>transaction</CODE> command will automatically create a field <CODE>duration</CODE> that holds the time different between the first and the last event in the transaction, so if you have Splunk configured to use "TIMESTAMP" as what it takes its own timestamp from, just getting the <CODE>duration</CODE> field will give you what you want.</P> Wed, 11 Jul 2012 11:48:47 GMT Ayn 2012-07-11T11:48:47Z https://community.splunk.com/t5/Splunk-Search/time-difference-between-two-events/m-p/95597#M182469 <P>Hi,</P> <P>I need to calucalte the time difference between two events in splunk..using the transaction command ....how can i do that ..??</P> <P>in my logs i have my own field called <STRONG>"TIMESTAMP"</STRONG> . Please help..</P> Wed, 11 Jul 2012 10:24:03 GMT https://community.splunk.com/t5/Splunk-Search/time-difference-between-two-events/m-p/95597#M182469 rakesh_498115 2012-07-11T10:24:03Z https://community.splunk.com/t5/Splunk-Search/time-difference-between-two-events/m-p/95598#M182470 <P>If you want to use transaction, create a transaction that starts with the first event and ends with the second. The <CODE>transaction</CODE> command will automatically create a field <CODE>duration</CODE> that holds the time different between the first and the last event in the transaction, so if you have Splunk configured to use "TIMESTAMP" as what it takes its own timestamp from, just getting the <CODE>duration</CODE> field will give you what you want.</P> Wed, 11 Jul 2012 11:48:47 GMT https://community.splunk.com/t5/Splunk-Search/time-difference-between-two-events/m-p/95598#M182470 Ayn 2012-07-11T11:48:47Z