Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Finding Timings Between Multiple Events

Razziq
Explorer
‎03-09-2021 10:01 AM

Hello,

I am trying to find the timings between multiple calls under the same extracted field of InterchangeId. When using streamstats range(_time), I get the timing between the calls, however the first call in order of time has the total time and the last call has a 0 value. I am trying to determine how long it takes between each call in the correct order without it aggregating one of the calls to the total timing value.

Below is a screenshot of the results as well as the search. I appreciate any help with this!

2021-03-09 09_41_36-Window.png

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎03-09-2021 10:40 AM

Use the window option of streamstats to limit the range calculation to the current row and the previous row.

| streamstats window=1 range(_time) as Difference by InterchangeID

 

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎03-09-2021 10:40 AM

Use the window option of streamstats to limit the range calculation to the current row and the previous row.

| streamstats window=1 range(_time) as Difference by InterchangeID

 

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

Razziq
Explorer
‎03-09-2021 11:04 AM

@richgalloway  Thank you! I was able to add window=2 to the search and verified that the timings look accurate after finding the total time and checking against each individual row's timing. For some reason window=1 resulted in all 0 results, but 2 worked as expected. Thanks again!

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...