Log data example:
{'job_no':'1','begin_build_time':'2019-08-15 11:00:00','event_type':'staging'}
{'job_no':'1','end_build_time':'2019-08-15 11:10:00','event_type':'staging'}
{'job_no':'1','begin_execution_time':'2019-08-15 11:10:01','event_type':'transaction'}
{'job_no':'1','end_execution_time':'2019-08-15 11:20:00','event_type':'transaction'}
{'job_no':'1','begin_artifact_time':'2019-08-15 11:20:01','event_type':'upload'}
{'job_no':'1','end_artifact_time':'2019-08-15 11:30:00','event_type':'upload'}
I need data table output like:
Job# 1 staging 10 mins transaction 10 mins upload 10 mins total 30 mins
Each line is coming as an event in Splunk.
I know we have to use coalesce and streamstats, but I am new to Splunk and not able to figure out how to get to this level.
Thanks in advance.
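One way to build the table described in the question, as an added example that is not part of the original post: it merges the three begin/end field pairs with coalesce, then uses stats (rather than streamstats) to pair each phase's start and end per job. It assumes the fields shown in the sample events are already extracted at search time; `<your_index>` is a placeholder, and `phase_start`, `phase_end`, `mins` and `total` are names chosen here.

```spl
index=<your_index> job_no=*
| eval begin=coalesce(begin_build_time, begin_execution_time, begin_artifact_time)
| eval end=coalesce(end_build_time, end_execution_time, end_artifact_time)
| eval begin_epoch=strptime(begin, "%Y-%m-%d %H:%M:%S")
| eval end_epoch=strptime(end, "%Y-%m-%d %H:%M:%S")
| stats min(begin_epoch) AS phase_start max(end_epoch) AS phase_end BY job_no event_type
| eval mins=round((phase_end - phase_start) / 60)
| xyseries job_no event_type mins
| addtotals fieldname=total staging transaction upload
```

A phase with no end event yet gets an empty cell, and addtotals sums only the phases that are present, so an incomplete job shows a partial total.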