Solved: time difference between two events.

rakesh_498115 · ‎07-11-2012

Hi,

I need to calucalte the time difference between two events in splunk..using the transaction command ....how can i do that ..??

in my logs i have my own field called "TIMESTAMP" . Please help..

Ayn · ‎07-11-2012

If you want to use transaction, create a transaction that starts with the first event and ends with the second. The transaction command will automatically create a field duration that holds the time different between the first and the last event in the transaction, so if you have Splunk configured to use "TIMESTAMP" as what it takes its own timestamp from, just getting the duration field will give you what you want.

View solution in original post

Ayn · ‎07-11-2012

If you want to use transaction, create a transaction that starts with the first event and ends with the second. The transaction command will automatically create a field duration that holds the time different between the first and the last event in the transaction, so if you have Splunk configured to use "TIMESTAMP" as what it takes its own timestamp from, just getting the duration field will give you what you want.

time difference between two events.

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)