Hi all,
I have a requirement where I have to know if the transaction key is processed within 3 seconds. I need to compare two unique references and take the latest timestamp. For example, I have two unique references, "ABC1" and "ABC2", and both of them have multiple records in the logs. I have to take the first timestamp from ABC1 and ABC2, and it should be less than 3 seconds.
Can you all please give me some points which I can follow to complete this requirement?
Once you've searched for the relevant events, stats range(_time) as duration will tell you how much time was spanned by the events.
Hi richgalloway,
Thanks for the response.
I also need to compare the two records.
The search results in many rows. I use the search index= applicationet sourcetype=Rex
You can use streamstats to find the difference between two events. But first make sure they are sorted properly, i.e. both events are next to each other.
Hi,
Thanks for the reply. Can I also sort the logs based on the unique key?
Yes, you can. It would be best to show some sample rows/events for which you want to find the time difference.
Hi,
I have the records below as my search results. The highlighted ones are the unique keys. I want to compare records 1 and 3, and 2 and 4, and display the incremented count.
Record 1 null - 2019-02-01T12:55:58.270 - Quename- INL_TTI_01 - Inbound - Process - ABCODSC123245678:Record processed Successfully
Record 2 null - 2019-02-01T12:55:59.270 - Quename- INL_TTI_01 - Inbound - Process - ABCODSC123248888:Record processed Successfully
Record 3 null - 2019-02-01T12:55:58.777 - Quename- INL_TTI_01 - Outbound - Process - ABCODSC123245678:Record processed Successfully
Record 4 null - 2019-02-01T12:55:60.270 - Quename- INL_TTI_01 - Outbound - Process - ABCODSC123248888:Record processed Successfully
Record 5 null - 2019-02-01T12:55:62.270 - Quename- INL_TTI_01 - Outbound - Process - ABCODSC123245678:Record processed Successfully
.
.
.
.
.
n
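One way to put the replies together for the sample records above, as an added example that is not any poster's own search: it pulls the direction and the unique key out of each event, takes the first Inbound and first Outbound timestamp per key, and flags keys whose gap is under 3 seconds. The field names `direction`, `txn_key`, `first_inbound`, `first_outbound`, `duration_s` and `within_3s` are made up for this example; the index and sourcetype are the ones quoted in the thread, and `_time` is assumed to be parsed from the timestamp in each event.

```spl
index=applicationet sourcetype=Rex "Record processed Successfully"
| rex "- (?<direction>Inbound|Outbound) - Process - (?<txn_key>[^:\s]+):"
| stats min(eval(if(direction=="Inbound", _time, null()))) as first_inbound
        min(eval(if(direction=="Outbound", _time, null()))) as first_outbound
        count as events
        by txn_key
| eval duration_s = round(first_outbound - first_inbound, 3)
| eval within_3s = case(isnull(first_inbound) OR isnull(first_outbound), "incomplete",
                        duration_s >= 0 AND duration_s < 3, "yes",
                        true(), "no")
| table txn_key first_inbound first_outbound duration_s events within_3s
| fieldformat first_inbound = strftime(first_inbound, "%Y-%m-%dT%H:%M:%S.%3N")
| fieldformat first_outbound = strftime(first_outbound, "%Y-%m-%dT%H:%M:%S.%3N")
```

Grouping with `by txn_key` removes the need to sort events next to each other first, and keys that have only one side logged show up as "incomplete" instead of being dropped.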