Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create a Splunk search to find response time for API Calls?

mintally
New Member
‎04-15-2019 11:45 AM

I want to calculate response time from my logs for all records and our application logs in below format,
Can you please provide query for this?

[2019-04-15 16:49:32.295 GMT][INFO ] [{txnId=wcf_98Y64BaiB3}][Info] - stage : Create Relationship started
[2019-04-15 16:49:32.314 GMT][INFO ] [{txnId=wcf_98Y64BaiB3}][Info] - stage : Create started
[2019-04-15 16:49:32.333 GMT][INFO ] [{txnId=wcf_98Y64BaiB3}][Info] - stage : The status of managed account = PENDING
[2019-04-15 16:49:32.602 GMT][INFO ] [{txnId=wcf_98Y64BaiB3}][Info] - stage : Create Relationship competed
[2019-04-15 16:49:32.602 GMT][INFO ] [{txnId=wcf_98Y64BaiB3}][Info] - stage : Create Relationship call executed

0 Karma
Reply

somesoni2
Revered Legend
‎04-16-2019 06:52 AM

Give this method a try (transaction command can be easy to implement but is awfully resource expensive)

index=foo sourcetype=bar ( Create Relationship started ) OR ( Create Relationship call executed )
| stats min(_time) as startedOn max(_time) as endedOn by txnId
| eval response_time=endedOn-startedOn
| convert ctime(*On) as *On
0 Karma
Reply

grittonc
Contributor
‎04-15-2019 12:43 PM

Have you tried transaction? Try adding | transaction startswith="Create Relationship started" endswith="Create Relationship call executed" to your search. There will be a field called duration that will tell you how much time elapsed.

Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...