Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to find the daily average of the time difference between the concurrence of one line and a previous line?

mshea
New Member
‎08-25-2015 09:53 AM

Hi,

I have a very simple line of trace which indicates the end of a timer that runs at the completion of an important process.

I would like a report that shows what the daily average of the time between the occurrence of this line and the previous run.

Enter function tmr_Elapsed

How would I accomplish this using splunk?

Thanks,

Mike

Tags (3)
0 Karma
Reply

jensonthottian
Contributor
‎08-25-2015 12:05 PM

Use transaction command as you have clear indication of events corresponding to start and stop.

| transaction processID(--unique ID for your events) startswith="started" endswith="completed"

0 Karma
Reply

somesoni2
Revered Legend
‎08-25-2015 11:27 AM

What all fields are available in your data? What all fields your expect in the output?

Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...