Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Time Duration between each session

rajgowd1
Communicator
‎01-31-2017 01:01 PM

Hi,
we have few micro services which are running on pivotal.i would like find the time duration from starting to end flow based on session id.

i got few values for 1 minute duration,which has the same session id but different end points and micro services.

attaching the file which has some fields and values.
link text

Tags (1)
Preview file
3 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎01-31-2017 02:15 PM

Give this a try

your base search | stats min(_time) as start max(_time) as end by cf_session_id | eval duration=end-start | convert ctime(start) ctime(end) | eval duration=tostring(duration,"duration")

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎01-31-2017 02:15 PM

Give this a try

your base search | stats min(_time) as start max(_time) as end by cf_session_id | eval duration=end-start | convert ctime(start) ctime(end) | eval duration=tostring(duration,"duration")
0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...