Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Find earliest time of when the process starts using streamstats?

k31453
Explorer
‎03-18-2023 12:10 AM

Hi, I have a particular service which we triggered occasionally and I would like to know the earliest time of every time it gets kick off for e.g 

For e.g following is the data:

_time service message Host
2022-07-08T05:47:22.029Z abc calling service 123 host123.com
2022-07-08T05:49:17.029Z abc Talking to service 123 host123.com
2022-10-11T01:00:39.029Z
 abc calling service 123 host123.com
2022-10-11T01:02:46.029Z
 abc Talking to service 123 host123.com

 

The expected data outcome would be:

Host starting_time
host123.com 2022-07-08T05:47:22.029Z
host123.com 2022-10-11T01:00:39.029Z

 

I am aware I have to use streamstats somewhere. But given all the other fields are identical earliest time by host wont work. Also I am backdating the data for 6 months so I need something that is bit efficient. I only care about starting_time of the service of each time the service starts.

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎03-18-2023 01:19 AM 
| where message = "calling service 123"
0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...