Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Regarding calculating response time from log

vaishnavi07
Explorer
‎05-05-2015 03:06 AM

I have a log which has entries with transactionid and START_TRANSACTION or END_TRANSACTION. For e.g,

INFO , createLabel, VF4546, START_TRANSACTION, 2015:04:16:07:11:46.925
INFO , createLabel, VF4546, END_TRANSACTION, 2015:04:16:07:11:47.596
INFO , retrieveB2CClients, 12345, START_TRANSACTION, 2015:04:16:07:15:00.730
INFO , retrieveB2CClients, 12345, END_TRANSACTION, 2015:04:16:07:15:00.777

I have to find out response time for each transaction type for which i have to get the starttime and endtime from the entries. How can i match the corresponding starttime and endtime from the logs? Sometimes the START_TRANSACTION or END_TRANSACTION may be missing. Which means the corresponding start or end time should be filled with zero and while calculating response time i will neglect those entries. Can anyone suggest how to do this?

Tags (1)
0 Karma
Reply

alacercogitatus
SplunkTrust
SplunkTrust
‎05-05-2015 06:51 AM

So let's look at the first event there, and I'll make an assumption.

INFO , createLabel, VF4546, START_TRANSACTION, 2015:04:16:07:11:46.925
INFO , createLabel, VF4546, END_TRANSACTION, 2015:04:16:07:11:47.596

So, my assumption: "VF4546" is a transaction ID, and the field name is "txnid". If that is not the truth, then use whatever the transaction id is in your data. Now we can write this:

<your_search_for_transactions> | transaction startswith=START_TRANSACTION endswith=END_TRANSACTION maxspan=4h txnid | stats values(duration) as "Duration in Seconds" by txnid

This should return a table with the number of seconds for each transaction.

0 Karma
Reply

satishsdange
Builder
‎05-05-2015 03:58 AM

I see field next to INFO (createLabel, retrieveB2CClients) is common between 2 subsequent events. You can use for creating reports.

0 Karma
Reply
Get Updates on the Splunk Community!

How to send events & findings from AWS to Splunk using Amazon EventBridge

Amazon EventBridge is a serverless service that uses events to connect application components together, making ...

Exciting News: The AppDynamics Community Joins Splunk!

Hello Splunkers,   I’d like to introduce myself—I’m Ryan, the former AppDynamics Community Manager, and I’m ...

The All New Performance Insights for Splunk

Splunk gives you amazing tools to analyze system data and make business-critical decisions, react to issues, ...
Top