How to get the job start time, end time and durati...

abhi04 · ‎05-31-2018

How to get the job start time, end time and duration for each day for last 7 days? Below is the sample log:

/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - started - time=(2018-05-30-20.01.39)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - started - time=(2018-05-30-21.00.01)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - started - time=(2018-05-30-21.01.00)

kmaron · ‎05-31-2018

These all say 'started' so I would assume these are all start times? Are there different logs that are end times? or is the end time something derived from what is here?

abhi04 · ‎05-31-2018

5/29/18
11:36:58.000 PM
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - ENDED - time=(2018-05-29-22.36.59)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - ENDED - time=(2018-05-30-03.05.45)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - ENDED - time=(2018-05-30-20.00.03)

5/29/18
11:36:50.000 PM
... 13 lines omitted ...
/afiw/batch/scripts/gc01iwcdl_ins.ksh: Job gc01iwcdl_ins - started - time=(2018-05-30-20.01.39)
/afiw/batch/scripts/gc01iwcdl_ins.ksh: Job gc01iwcdl_ins - started - time=(2018-05-30-21.00.02)
/afiw/batch/scripts/gc01iwcdl_ins.ksh: Job gc01iwcdl_ins - started - time=(2018-05-30-21.01.00)

abhi04 · ‎05-31-2018

Yes,we have multiple start time and end time for a particular job for same day.we want to take the latest end time as end time and oldest start time as start time for that particular date and job ignoring other time .

FrankVl · ‎05-31-2018

Then please provide a proper sample that includes all the relevant event types. If you want help to come up with a solution, please don't let us guess what your data looks like.

Also: getting the oldest start of the day and latest end, means when the job runs multiple times, you just interpret that as one long run? I don't know the context of course, but that doesn't sound very logical to me...

abhi04 · ‎05-31-2018

provided the same

FrankVl · ‎05-31-2018

And is this in splunk as separate events (one event per line, with time=() mapped to _time) or somehow batched together?

abhi04 · ‎05-31-2018

This is one event and _time not mapped to time (

FrankVl · ‎05-31-2018

And can such an event contain multiple jobs? Your example only includes 1 job, with multiple start/end times.

And is it always sorted like this with first all the end times and then all the start times?

Personally I think I would start by investing a bit of time in ingesting this data properly. Splitting it up in individual events with a proper timestamp. From that it should be fairly straightforward to find earliest start and latest end and do some reporting on that.

abhi04 · ‎05-31-2018

Yes it contains multiple jobs

abhi04 · ‎05-31-2018

YEs ,

So for one job say gc01iwcdl we have multiple start time and end time mentioned for date 29 as you can see below. So we want the oldest start time mentioned as start time and latest end time as end time for this job for each day for last 7 days.

5/29/18
11:36:58.000 PM
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - ENDED - time=(2018-05-29-22.36.59)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - ENDED - time=(2018-05-30-03.05.45)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - ENDED - time=(2018-05-30-20.00.03)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - ENDED - time=(2018-05-30-20.01.40)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - ENDED - time=(2018-05-30-21.00.02)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - ENDED - time=(2018-05-30-21.01.01)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - ENDED - time=(2018-05-30-22.00.03)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - ENDED - time=(2018-05-30-22.01.01)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - ENDED - time=(2018-05-30-23.00.02)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - ENDED - time=(2018-05-30-23.01.00)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - started - time=(2018-05-29-22.36.58)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - started - time=(2018-05-30-03.05.43)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - started - time=(2018-05-30-20.00.00)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - started - time=(2018-05-30-20.01.39)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - started - time=(2018-05-30-21.00.01)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - started - time=(2018-05-30-21.01.00)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - started - time=(2018-05-30-22.00.00)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - started - time=(2018-05-30-22.01.00)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - started - time=(2018-05-30-23.00.00)
/afiw/batch/scripts/gc01iwcdl_afdw.ksh: Job gc01iwcdl_afdw - started - time=(2018-05-30-23.01.00)

How to get the job start time, end time and duration for each day for last 7 days?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!