Archive
Highlighted

how to track lag between log timestamp and time arrive in Splunk

Path Finder

Wanted to track lag between log generated in host server and time arrive in Splunk.
Any search can achieve that?

Tags (1)
0 Karma
Highlighted

Re: how to track lag between log timestamp and time arrive in Splunk

SplunkTrust
SplunkTrust

hello leonjxtan
the field you are looking for is indextime
latency is _indextime -
time
here is a full answer from this portal: https://answers.splunk.com/answers/11870/how-can-i-view-the-indexing-latency-for-incoming-events-in-...
it explains it in detail and provides some examples as well
hope it helps

0 Karma