show transactions that are taking 20% more time than previous year

thirumalreddyb
Communicator

Hi Splunkers, I came across a situation where:

1) I have to find the transactions that are taking 20% more time than the average transaction time of the previous year.
2) Compare the transactions with the same TXN_NAME in the current year and the previous year.

Current year log: 28/02/2013 12:31:15 TXN_NAME=JOB8607J TXN_ID=8483D START-TIME=28/02/2013 12:31:15 END-TIME=28/02/2013 12:35:17 TXN-TIME=4.03 CPU-TIME=2.25

Last year log: 2/07/2012 2:31:19 TXN_NAME=JOB8607J TXN_ID=8102D START-TIME=2/07/2013 2:31:19 END-TIME=2/07/2012 2:35:17 TXN-TIME=4.02 CPU-TIME=1.3

0 Karma
martin_mueller
SplunkTrust

You could first compute the average per TXN_NAME from the previous year and save it in a lookup table (see Splunk Docs), and second, search in current data, add the average from last year to your results, and compare the runtime to 1.2*average.

0 Karma
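
The two-step approach described in the answer above, written out as an added SPL example (not code from the original posts). The index name `example_txn_index` and the lookup file name `example_txn_prev_year_avg.csv` are placeholders, and the example assumes TXN_NAME and TXN_ID are extracted automatically at search time while TXN-TIME is pulled out explicitly with `rex` because of the hyphen in its name. The blank line separates two searches that are run separately: the first builds the previous-year baseline, the second flags current-year transactions above 1.2 times that baseline and skips names that have no baseline.

```spl
index=example_txn_index TXN_NAME=* earliest=-1y@y latest=@y
| rex "TXN-TIME=(?<txn_time>\d+(?:\.\d+)?)"
| eval txn_time = tonumber(txn_time)
| stats avg(txn_time) AS prev_year_avg count AS prev_year_count BY TXN_NAME
| outputlookup example_txn_prev_year_avg.csv

index=example_txn_index TXN_NAME=* earliest=@y
| rex "TXN-TIME=(?<txn_time>\d+(?:\.\d+)?)"
| eval txn_time = tonumber(txn_time)
| lookup example_txn_prev_year_avg.csv TXN_NAME OUTPUT prev_year_avg prev_year_count
| where isnotnull(prev_year_avg) AND txn_time > 1.2 * prev_year_avg
| eval pct_over_avg = round((txn_time / prev_year_avg - 1) * 100, 1)
| table _time TXN_NAME TXN_ID txn_time prev_year_avg prev_year_count pct_over_avg
| sort - pct_over_avg
```

Keeping `prev_year_count` in the lookup lets you judge how much weight a baseline deserves when a TXN_NAME ran only a few times last year.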
