Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Time difference for the transaction

splunkpoornima
Communicator
‎10-09-2012 05:13 AM

I want to find the time difference between the transactions,display as a chart

My data will look like this

Mon Sep 24 11:00:30 CDT 2012,xxx,START

Mon Sep 24 11:00:31 CDT 2012,xxx,COMPLETION: Succeeded

so what i need is (11:00:30-11:00:31) is 01 seconds

Plz Help

Tags (1)
0 Karma
Reply

splunkpoornima
Communicator
‎10-09-2012 05:24 AM

I used the search command as
source="task"|transaction task_action startswith=START endswith=Succeeded|Table_time task_action duration

90% of the result is coming correct ..
but for some case the result is not an exact difference

0 Karma
Reply

Ayn
Legend
‎10-09-2012 05:17 AM

Have a look at the duration field which is created by the transaction command, it should be precisely what you need.

Reply

supersleepwalke
Communicator
‎08-16-2013 12:25 PM

You might check that your time extractions are correct. If Splunk's interpretation of each event's time is incorrect, that could lead to the duration field being incorrect.

0 Karma
Reply

Ayn
Legend
‎10-09-2012 05:49 AM

Well, you need to check what is causing this problem - the functionality is there, so...

0 Karma
Reply

splunkpoornima
Communicator
‎10-09-2012 05:39 AM

I used the duration also but since i got wrong results for some cases

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Splunk Observability Metrics Cost Optimization

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...