Solved: Re: duration from _time of events in search

mihir_hardas · ‎05-19-2022

How to find the duration in minutes between two events from _time ?

index=log-13120-nonprod-c laas_appId=qbmp.prediction* "pushed to greenplum for predictionId"
2022-05-19 03:37:30,108 jobRunStats INFO Current Predictions, total=1659262 pushed to greenplum for predictionId = fe387967-2f11-4358-8b27-c51a45042e79
2022-05-19 03:26:29,085 jobRunStats INFO Current Predictions, total=1659262 pushed to greenplum for predictionId = 473866d5-c7b1-4156-90a0-de978b260e8d

I simply want diff between the above two and then show a line graph of cycle time length in minutes.

So then output will be
11mins
14mins
7 mins

And then I want to plot a line graph that will tell me length of my cycle time

I do not want to use transation

ITWhisperer · ‎05-19-2022

| sort 0 _time
| streamstats window=2 range(_time) as timediff
| eval timediffmins=timediff/60

View solution in original post

ITWhisperer · ‎05-19-2022

| sort 0 _time
| streamstats window=2 range(_time) as timediff
| eval timediffmins=timediff/60

mihir_hardas · ‎05-19-2022

Yes this works ! Many thanks

How to find the duration in minutes between two events from _time ?

development

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk