Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to search duration of job?

AKG11
Path Finder
‎11-09-2022 02:04 AM

Hi, I am trying to build a query where I need Job duration.  Each job could run multiple time and its start/end time is recorded in multiple lines.
I remember using streamstats for this requirement but couldn't figure it out.


AKG11_0-1667988218620.png

Thanks



Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-09-2022 03:00 AM

Do each execution of the job have a unique id?

Do the jobs overlap?

Do the jobs have different names?

0 Karma
Reply

AKG11
Path Finder
‎11-09-2022 03:26 AM

Do each execution of the job have a unique id?
Ans: Unfortunately no, that's the issue. 

Do the jobs overlap?
Ans: Different jobs can overlap but not the same job. 

Do the jobs have different names?
Ans: Yes, there are jobs with different names.

I have done similar in past. I think I am very close to find the solution. I will update once done.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-09-2022 05:15 AM

You could try something like this

| streamstats count(eval(status=="STARTING")) as instance by job
| stats min(_time) as starttime max(_time) as endtime by job instance
| eval duration=endtime-starttime
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...