Hi,

I have the same issue where i have to calculate the total duration between request and response. the above query works but duration is not being calculated, or displayed  when i run the query :

search query |  stats earliest(dateTime) AS request latest(dateTime) AS response BY TransactionID | eval duration=response- request 

result for above query :

TransactionID                                                                          Request                                              Response

000877d43ef8778123243454bda780c5e5     2022-05-05 01:36:12.916      2022-05-05 01:36:13.27

Please help

In most cases the request and response time is same, so, I should get the result as "0" but I am getting wrong results.

The response_time produced will be in seconds or milliseconds?

Hi @VijaySrrie,

epochtime is expressed in second, so the difference will be in seconds.

Ciao.

Giuseppe

I have the same issue where i have to calculate the total duration between request and response. the above query works but duration is not being calculated, or displayed  when i run the query :

search query |  stats earliest(dateTime) AS request latest(dateTime) AS response BY TransactionID | eval duration=response- request 

result for above query :

TransactionID                                                                          Request                                              Response

000877d43ef8778123243454bda780c5e5     2022-05-05 01:36:12.916      2022-05-05 01:36:13.27

Please help