Hi everyone!
Where i work, we have a little problem with the sql server, so i made a java program to test it.
I have a nice log, which contains rows like this:
Sent;2013-07-12 10:00:06.561;3c34c5e2a32c8b1a7b853958207d223f
Sent;2013-07-12 10:00:06.546;7792eff1b42c35e7a208ffec68f63220
Sent;2013-07-12 10:00:06.561;d86dd547438271f2c5bc6c2bceb7e6f3
Sent;2013-07-12 10:00:06.561;3c126ec175261f75fcbc567c5c89751d
Received;2013-07-12 10:00:07.984;d86dd547438271f2c5bc6c2bceb7e6f3
Received;2013-07-12 10:00:07.984;7792eff1b42c35e7a208ffec68f63220
Timeout;2013-07-12 10:00:07.796;3c34c5e2a32c8b1a7b853958207d223f
Timeout;2013-07-12 10:00:07.984;3c126ec175261f75fcbc567c5c89751d
I would like to pair every Sent and Receives row with the last field (like in the forst row: 3c34c5e2a..., it is a unique id)
I just started using splunk, and as i see i'll need these keyword: transaction, field extract (, and chart for seeing these beautiful response times)
I tried something like this:
... | reverse | transaction ";[a-z0-9]*"
As i think every row will be a transaction (or not?), and i need the last string (that's why the regexp). Maybe i'm going to the wrong direction?
I also have some "TIMEOUT;2013-07-12 11:00:43.409;c3926c0fa748e0c5189fd8cc1c433625" rows as well, and they are paired like SENT-TIMEOUT. But i think the SENT-RECEIVED pair duration is enough, maybe i'll figure out how to do it one more time.
Can you guys help me how to do it?
EDIT:
the final goal is to have some kind of table like this:
c3926c0fa748e0c5189fd8cc1c433625 34
as23sf... 435
kj23df... 96
where the strings are the unique IDs to pair the requests and responses, and the number is the endtime-starttime in millisecond/second/buzzlightyear 🙂
Thanks,
Tom
... View more