Solved: time difference between two events.

rakesh_498115 · ‎07-11-2012

Hi,

I need to calucalte the time difference between two events in splunk..using the transaction command ....how can i do that ..??

in my logs i have my own field called "TIMESTAMP" . Please help..

Ayn · ‎07-11-2012

If you want to use transaction, create a transaction that starts with the first event and ends with the second. The transaction command will automatically create a field duration that holds the time different between the first and the last event in the transaction, so if you have Splunk configured to use "TIMESTAMP" as what it takes its own timestamp from, just getting the duration field will give you what you want.

View solution in original post

Ayn · ‎07-11-2012

If you want to use transaction, create a transaction that starts with the first event and ends with the second. The transaction command will automatically create a field duration that holds the time different between the first and the last event in the transaction, so if you have Splunk configured to use "TIMESTAMP" as what it takes its own timestamp from, just getting the duration field will give you what you want.

time difference between two events.

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation