Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to find the duration in minutes between two events from _time ?

mihir_hardas
Explorer
‎05-19-2022 01:52 AM

How to find the duration in minutes between two events from _time ?

 
index=log-13120-nonprod-c laas_appId=qbmp.prediction* "pushed to greenplum for predictionId"
2022-05-19 03:37:30,108 jobRunStats INFO Current Predictions, total=1659262 pushed to greenplum for predictionId = fe387967-2f11-4358-8b27-c51a45042e79
2022-05-19 03:26:29,085 jobRunStats INFO Current Predictions, total=1659262 pushed to greenplum for predictionId = 473866d5-c7b1-4156-90a0-de978b260e8d
 
I simply want diff between the above two and then show a line graph of cycle time length in minutes.
So then output will be 
11mins
14mins
7 mins 

And then I want to plot a line graph that will tell me length of my cycle time 
 
I do not want to use transation
Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎05-19-2022 02:34 AM

 

| sort 0 _time
| streamstats window=2 range(_time) as timediff
| eval timediffmins=timediff/60

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎05-19-2022 02:34 AM

 

| sort 0 _time
| streamstats window=2 range(_time) as timediff
| eval timediffmins=timediff/60

 

0 Karma
Reply
Solved! Jump to solution

mihir_hardas
Explorer
‎05-19-2022 10:57 PM

Yes this works ! Many thanks 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...