How to filldown a value within a transacted event?

manikanta461 · ‎03-06-2018

I've transacted 3 events into 1 event based on my requirement.
let's say transacted event as X; y1,y2,y3 are the events transacted to form a transacted event X.
y1 has 1 start time, and y2 and y3 have individual end times.
In the transacted event, I find only one value under start time and two values under end time.
I want to fill down my start time with X so that it is filled two times totally within the transaction. so that ill get duration(end time-start time)
Any idea on how to filldown the start time value within the transacted event?

Richfez · ‎03-06-2018

When you use the transaction command, it has always worked best to me to think of it as "erasing" your old events and creating new events that are groups of your old ones.

As such, I am not sure there's even logical meaning to "fill down a value within one transacted event." You do not have three events any longer, you have one. You have one "start" time, and two "end times." The old y1, y2 and y3 events no longer really exist, you simply have event X with those values.

But, that being said - how would you use such a filled-down start time? What exactly were you planning on doing to it/with it? Perhaps if we knew this we could make a better attempt at helping you!

Happy Splunking,
Rich

manikanta461 · ‎03-06-2018

I want to find out the duration between y2, y1 and y3,y1.

How to filldown a value within a transacted event?

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update