Solved: Calculate duration of two different events

rishabhpatel20 · ‎12-24-2021

I have logs which shows the job status ( Running, succeeded and failed) and all jobs have unique job id , now I want to calculate the duration it took to get failed or succeeded for each job id. Here, all jobs id would have two event first one -running and second - succeeded or failed. How it can be done

richgalloway · ‎12-24-2021

The range function should do the job. It computes the difference between the first and last events.

index=infra_automation sourcetype=rundeck_execution
| stats range(_time) as duration, latest(status) as last_status by job_id
| sort - job_id
| eval duration = tostring(duration,"duration")
| table job_id data time last_status duration

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎12-24-2021

The range function should do the job. It computes the difference between the first and last events.

index=infra_automation sourcetype=rundeck_execution
| stats range(_time) as duration, latest(status) as last_status by job_id
| sort - job_id
| eval duration = tostring(duration,"duration")
| table job_id data time last_status duration

---
If this reply helps you, Karma would be appreciated.

rishabhpatel20 · ‎12-25-2021

Thanks a lot @richgalloway .. I was trying with other options like appendcol etc but did not go through the basic one range..

Thank you !

Calculate duration of two different events

other

Routing logs with Splunk OTel Collector for Kubernetes

New This Month - Observability Updates Give Extended Visibility and Improve User ...

Intro to Splunk Synthetic Monitoring