Archive
Highlighted

Calculate Transaction Time?

Explorer
08/17/10,0:15:02,start   load_updates.sh 9.3
08/17/10,0:20:04,start   load_updates.sh 9.3
08/17/10,0:25:02,start   load_updates.sh 9.3
08/17/10,0:30:06,start   load_updates.sh 9.3
08/17/10,0:35:09,start   load_updates.sh 9.3
08/17/10,0:38:02,finish  load_updates.sh 9.3  status 0
08/17/10,0:40:02,start   load_updates.sh 9.3
08/17/10,0:45:09,start   load_updates.sh 9.3
08/17/10,0:49:03,finish  load_updates.sh 9.3  status 0

I would like to see a time difference example how long between the first start to finish? In other words how long did it take to load? The extra starts are the shell script trying to start again but fails due to a lock file.

Tags (1)
Highlighted

Re: Calculate Transaction Time?

Splunk Employee
Splunk Employee

Assuming that you want the time from the first start to the first finish line, and in this sample there are two separate times, you should use the transaction command. For example:

source=txnlog | transaction source endswith=finish

This will assemble the data into transactions with a duration field that represents the difference between start and finish times.

Highlighted

Re: Calculate Transaction Time?

Explorer

Thanks
That helped but Now I get this
How do I graph the time?

For some reason my Far Left Column only shows Hour and Minute seconds is 00.000 PM

8/17/10
3:02:00.000 PM

08/17/10,0:15:02,start loadupdates.sh 9.3
08/17/10,0:20:04,start load
updates.sh 9.3
08/17/10,0:25:02,start loadupdates.sh 9.3
08/17/10,0:30:06,start load
updates.sh 9.3
08/17/10,0:35:09,start loadupdates.sh 9.3
08/17/10,0:38:02,finish load
updates.sh 9.3 status 0
datehour=15 Options| datehour=20 Options| datemday=17 Options| dateminute=2 Options| date_minute=4 Options

0 Karma
Highlighted

Re: Calculate Transaction Time?

Splunk Employee
Splunk Employee

Just add | timechart avg(duration) to the search. You can pick another aggregation function like median or max if you prefer. You can also add "count" to the timechart to see how many transactions you had.

0 Karma
Highlighted

Re: Calculate Transaction Time?

Explorer

Thanks
but my result is
8/12/10 12:00:00.000 AM 158.523810
My goal is to see during the day how long for each start - finish combo is it taking to load, in Time. aka at 7am load_updates ran 5 times and it took 2 minutes each time.

0 Karma
Highlighted

Re: Calculate Transaction Time?

Splunk Employee
Splunk Employee

You want something like: source=txnlog earliest=-24h | transaction source endswith=finish | timechart span=1h sum(duration) count

0 Karma