Re: Elapsed time logging in splunk

msrama5 · ‎06-01-2020

Hi All, does splunk log the elapsed time automatically ? I am trying to join few different source types in splunk that are joined by unique correlationid id logged and flowing between them , I don't see elapsed times on all calls. I want to compute the latency between different calls for unique ids flowing between them, splunk time stamp is not accurate, what is expected here ? do I need to ask my feature teams to log elapsed time in splunk ? is this not automatically logged ? I don't see this logged for many source types in splunk as is.

richgalloway · ‎06-02-2020

Splunk does not compute elapsed time automatically. The transaction command will compute "duration", which is sort of an elapsed time, but since only you know your data, it really falls on you to compute elapsed time.

Tell us more about your data and we may be able to offer some suggestions.

---
If this reply helps you, Karma would be appreciated.

Elapsed time logging in splunk

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Developer Spotlight with Mika Borner

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

Join the Conversation