Hi all, I have been studying Splunk recently and need help with a question, thanks.
When I search for a keyword and want to calculate the time between the keyword's row and the next row, what should I do?
If I search for AAA, I get two rows (#1, #4), but I also want to get the time, like #2-#1 (25-Mar-2016 15:26:43.420 - 25-Mar-2016 15:26:42.727) and #5-#4 (25-Mar-2016 15:26:46.678 - 25-Mar-2016 15:26:45.861).
As a result, I can get the execution time from my keyword to the next row. Thank you very much.
Thank you for your help.
Sorry, let me clarify my example again. The raw data is as follows (log files):
So the row data does not only have AAA or BBB..., and the data is from the original log files.
I used your answer to search, but no results were found, so I need your help again, thank you very much.