Re: How to find concurrent run of processes?

ppatkar · ‎06-10-2020

Hi ,

I would like to check if there are multiple instances of a job/process running .

Ex: My Splunk search :

index=abc <jobname> |  stats earliest(_time) AS earliest_time, latest(_time) AS latest_time count by  source | convert ctime(earliest_time), ctime(latest_time) | sort - count

Returns :

source   earliest_time       latest_time          count
logA     06/06/2020 15:24:09 06/06/2020 15:24:59      1
logB     06/06/2020 15:24:24 06/06/2020 15:25:12      2

In the above since logB indicates job run before logA completion time, it is an indication of the concurrent run of the process. I would like to generate a list of all such jobs if it is possible, any help is appreciated.

Thank you.

bowesmana · ‎06-15-2020

You can use autoregress.

index=abc <jobname> 
| stats earliest(_time) AS begin, latest(_time) AS end count by source 
| sort 0 begin
| autoregress end as prev_end p=1
| where begin<prev_end
| convert ctime(begin), ctime(end)
| sort - count

If that doesn't give you what you want, then consider using streamstats to calculate the window

I am not sure of the relevance of count in your scenario.

Hope this helps.

How to find concurrent run of processes?

other

transaction

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!