Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Concurrent Event Count (without transactions)

polfer
Explorer
‎08-21-2010 07:44 PM

I have a collection of individual log lines where each event contains a start time and a duration for an individual request. I would like to setup a dashboard that includes the count of concurrent (overlapping) events over time. I don't believe transaction will help (individual lines, so can't use duration there). Also, concurrency as I see it referenced elsewhere tracks the number of events that "start" within a particular period, not the events that overlap based start_time + duration as defined in the log line itself.

Sorry if this is an obvious question for the pros (very new to splunk), but any ideas or starting points would be appreciated! Thank you!

DanP

Reply

gkanapathy
Splunk Employee
Splunk Employee
‎08-21-2010 08:21 PM

I don't know where you're seeing references to "concurrency", but this is exactly what the "concurrency" search command does: http://www.splunk.com/base/Documentation/latest/SearchReference/Concurrency

Reply

polfer
Explorer
‎08-21-2010 09:47 PM

I may have let myself get swayed by another answers post that said ". . . concurrency isn't the number of events that occurred during any overlap, but rather the number of events that occurred simultaneously at the start time of the event." I'll try it again with some clearer test cases. Thanks for the feedbakc.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...