Solved: time difference between two events.

rakesh_498115 · ‎07-11-2012

Hi,

I need to calucalte the time difference between two events in splunk..using the transaction command ....how can i do that ..??

in my logs i have my own field called "TIMESTAMP" . Please help..

Ayn · ‎07-11-2012

If you want to use transaction, create a transaction that starts with the first event and ends with the second. The transaction command will automatically create a field duration that holds the time different between the first and the last event in the transaction, so if you have Splunk configured to use "TIMESTAMP" as what it takes its own timestamp from, just getting the duration field will give you what you want.

View solution in original post

Ayn · ‎07-11-2012

If you want to use transaction, create a transaction that starts with the first event and ends with the second. The transaction command will automatically create a field duration that holds the time different between the first and the last event in the transaction, so if you have Splunk configured to use "TIMESTAMP" as what it takes its own timestamp from, just getting the duration field will give you what you want.

time difference between two events.

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk