I have two events with start and end process and i need to calculate the time difference between the start process and end process of id but the fields are not configured, The data is like below: ...
See more...
I have two events with start and end process and i need to calculate the time difference between the start process and end process of id but the fields are not configured, The data is like below: Start process: {"log":"[16:43:39.451] [INFO ] [] [c.c.n.m.a.n.a.b.i.DefaultNotificationAuthService] [] - Creating notification auth flow for idempotencyKey 8532923_default as entityId Qb4RmEiaR6-zp8FU8MsyQQ \n","stream":"stdout","docker":{"container_id":"cd1c24ba236b3aca14151619a174176957213d860408addfb964e6bd3ec04b81"},"kubernetes":{"container_name":"mms-au","namespace_name":"msaas-t5","pod_name":"mms-au-b-1-685f9fd75d-4bz87","container_image":"pso.docker.internal.cba/mms-au:2.3.1-0-1-5634ab725",}
End process : {"log":"[16:43:39.876] [INFO ] [] [c.c.n.m.a.n.s.j.NotificationJMSProducer] [akka://MmsAuCluster/system/sharding/notificationAuthBpmn/5/Qb4RmEiaR6-zp8FU8MsyQQ_5/Qb4RmEiaR6-zp8FU8MsyQQ] - Submitting Enriched Notification for id 8532923 \n","stream":"stdout","docker":{"container_id":"cd1c24ba236b3aca14151619a174176957213d860408addfb964e6bd3ec04b81"},"kubernetes":{"container_name":"mms-au","namespace_name":"msaas-t5","pod_name":"mms-au-b-1-685f9fd75d-4bz87","container_image":"pso.docker.internal.cba/mms-au:2.3.1-0-1-5634ab725", Need to calculate time difference between the above 2 events called "Creating notification auth flow " and "Submitting Enriched Notification". Is this possible to do in splunk and if possible,how can we achieve it? Thanks in Advance