Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to search duration of job?

AKG11
Path Finder
‎11-09-2022 02:04 AM

Hi, I am trying to build a query where I need Job duration.  Each job could run multiple time and its start/end time is recorded in multiple lines.
I remember using streamstats for this requirement but couldn't figure it out.


AKG11_0-1667988218620.png

Thanks



Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-09-2022 03:00 AM

Do each execution of the job have a unique id?

Do the jobs overlap?

Do the jobs have different names?

0 Karma
Reply

AKG11
Path Finder
‎11-09-2022 03:26 AM

Do each execution of the job have a unique id?
Ans: Unfortunately no, that's the issue. 

Do the jobs overlap?
Ans: Different jobs can overlap but not the same job. 

Do the jobs have different names?
Ans: Yes, there are jobs with different names.

I have done similar in past. I think I am very close to find the solution. I will update once done.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-09-2022 05:15 AM

You could try something like this

| streamstats count(eval(status=="STARTING")) as instance by job
| stats min(_time) as starttime max(_time) as endtime by job instance
| eval duration=endtime-starttime
0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...