Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to display time parameters (start time, end time, total duration) of a transaction?

hemanath_ofc
Explorer
‎10-30-2014 02:15 PM

10/21/14 13:17:08.747 SERIAL ZPIMXTerminal.Send Start
10/21/14 13:17:08.747 SERIAL SerialComClass:**NOTICE: Serial Port cleared OK
10/21/14 13:17:08.809 **SERIAL GetAckNak Sent: [00]
10/21/14 13:17:08.840 WLL-EX CCTX_POS_GET_TenderTypeStatus = 0

10/21/14 13:17:08.919 SERIAL SerialComClass:****NOTICE: Serial Port cleared OK
10/21/14 13:17:08.919 SERIAL Send Msg() >
10/21/14 13:17:08.981 SERIAL GetAckNak Recv: [00]

10/21/14 13:17:09.090 WLL-EX CCTX_OS_GET_TypeStatus = 0

10/21/14 13:17:09.090 SERIAL SerialComClass:**NOTICE: Serial Port cleared OK
10/21/14 13:17:09.153 **SERIAL GetAckNak Recv: [00]
10/21/14 13:17:09.262 SERIAL SerialComClass:****NOTICE: Serial Port cleared OK
10/21/14 13:17:08.747 SERIAL ZPIMXTerminal.Send Start

in above log.. i formed a transaction using "transaction startswith="ZPIMXTerminal.Send Start" endswith="ZPIMXTerminal.Send Start"

but I'm not sure how to display time parameters. I would like to see start time of transaction, end time of transaction and total duration. Along with that, I wanted to display the start and end time of "GetAckNak " in a table. Can anyone help?

0 Karma
Reply

vasanthmss
Motivator
‎10-30-2014 03:26 PM

transaction startswith="ZPIMXTerminal.Send Start" endswith="ZPIMXTerminal.Send Start"|eval starttime=_time|eval endtime=_time+duration

If you want to convert time to human readable format use this
|convert ctime(starttime) ctime(endtime)

V
Reply

hemanath_ofc
Explorer
‎10-30-2014 11:03 PM

Thanks Vasanth..

But can i find the duration of different event within a transaction.

for expample : time between
SERIAL GetAckNak Sent: [00]

SERIAL GetAckNak Recv: [00]

0 Karma
Reply

vasanthmss
Motivator
‎11-18-2014 04:40 PM

Add a transaction command next to earlier one based on your req.

V
0 Karma
Reply

vasanthmss
Motivator
‎12-12-2014 10:39 AM

Is it working?

V
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...