Splunk Search

show transactions that are taking 20% more time than previous year

Communicator

Hi splunkers, I came across a situation where

1) I have to find out transactions that are taking 20% more time than average transaction time of previous year.
2) compare the transactions with same TXN_NAME in the current year and the previous year.

Current year log : 28/02/2013 12:31:15 TXN_NAME=JOB8607J TXN_ID=8483D START-TIME=28/02/2013 12:31:15 END-TIME=28/02/2013 12:35:17 TXN-TIME=4.03 CPU-TIME=2.25

last year log : 2/07/2012 2:31:19 TXN_NAME=JOB8607J TXN_ID=8102D START-TIME=2/07/2013 2:31:19 END-TIME=2/07/2012 2:35:17 TXN-TIME=4.02 CPU-TIME=1.3

Tags (1)
0 Karma
1 Solution

SplunkTrust
SplunkTrust

You could first compute the average per TXN_NAME from the previous year and save it in a lookup table Splunk Docs and second search in current data, add the average from last year to your results, and compare the runtime to 1.2*average.

View solution in original post

0 Karma

SplunkTrust
SplunkTrust

You could first compute the average per TXN_NAME from the previous year and save it in a lookup table Splunk Docs and second search in current data, add the average from last year to your results, and compare the runtime to 1.2*average.

View solution in original post

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!