Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to display time parameters (start time, end time, total duration) of a transaction?

hemanath_ofc
Explorer
‎10-30-2014 02:15 PM

10/21/14 13:17:08.747 SERIAL ZPIMXTerminal.Send Start
10/21/14 13:17:08.747 SERIAL SerialComClass:**NOTICE: Serial Port cleared OK
10/21/14 13:17:08.809 **SERIAL GetAckNak Sent: [00]
10/21/14 13:17:08.840 WLL-EX CCTX_POS_GET_TenderTypeStatus = 0

10/21/14 13:17:08.919 SERIAL SerialComClass:****NOTICE: Serial Port cleared OK
10/21/14 13:17:08.919 SERIAL Send Msg() >
10/21/14 13:17:08.981 SERIAL GetAckNak Recv: [00]

10/21/14 13:17:09.090 WLL-EX CCTX_OS_GET_TypeStatus = 0

10/21/14 13:17:09.090 SERIAL SerialComClass:**NOTICE: Serial Port cleared OK
10/21/14 13:17:09.153 **SERIAL GetAckNak Recv: [00]
10/21/14 13:17:09.262 SERIAL SerialComClass:****NOTICE: Serial Port cleared OK
10/21/14 13:17:08.747 SERIAL ZPIMXTerminal.Send Start

in above log.. i formed a transaction using "transaction startswith="ZPIMXTerminal.Send Start" endswith="ZPIMXTerminal.Send Start"

but I'm not sure how to display time parameters. I would like to see start time of transaction, end time of transaction and total duration. Along with that, I wanted to display the start and end time of "GetAckNak " in a table. Can anyone help?

0 Karma
Reply

vasanthmss
Motivator
‎10-30-2014 03:26 PM

transaction startswith="ZPIMXTerminal.Send Start" endswith="ZPIMXTerminal.Send Start"|eval starttime=_time|eval endtime=_time+duration

If you want to convert time to human readable format use this
|convert ctime(starttime) ctime(endtime)

V
Reply

hemanath_ofc
Explorer
‎10-30-2014 11:03 PM

Thanks Vasanth..

But can i find the duration of different event within a transaction.

for expample : time between
SERIAL GetAckNak Sent: [00]

SERIAL GetAckNak Recv: [00]

0 Karma
Reply

vasanthmss
Motivator
‎11-18-2014 04:40 PM

Add a transaction command next to earlier one based on your req.

V
0 Karma
Reply

vasanthmss
Motivator
‎12-12-2014 10:39 AM

Is it working?

V
0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...