Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Find Answers
- :
- About huligesh
huligesh
Engager
Member since:
01-21-2017
06-05-2020
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 01-21-2017 |
Activity Feed
- Karma Re: How to calculate time difference of 2 events with logs that do not have a common string? for s2_splunk. 06-05-2020 12:48 AM
- Posted Re: How to calculate time difference of 2 events with logs that do not have a common string? on Splunk Search. 02-03-2017 06:19 AM
- Posted How to calculate time difference of 2 events with logs that do not have a common string? on Splunk Search. 02-02-2017 02:20 PM
- Tagged How to calculate time difference of 2 events with logs that do not have a common string? on Splunk Search. 02-02-2017 02:20 PM
- Tagged How to calculate time difference of 2 events with logs that do not have a common string? on Splunk Search. 02-02-2017 02:20 PM
- Tagged How to calculate time difference of 2 events with logs that do not have a common string? on Splunk Search. 02-02-2017 02:20 PM
- Tagged How to calculate time difference of 2 events with logs that do not have a common string? on Splunk Search. 02-02-2017 02:20 PM
- Posted Re: How to find difference between endTime and beginTime to find response time? on Splunk Search. 01-23-2017 10:42 AM
- Posted Re: How to find difference between endTime and beginTime to find response time? on Splunk Search. 01-23-2017 09:32 AM
- Posted Re: How to find difference between endTime and beginTime to find response time? on Splunk Search. 01-23-2017 09:22 AM
- Posted Re: How to find difference between endTime and beginTime to find response time? on Splunk Search. 01-23-2017 09:02 AM
- Posted Re: How to find difference between endTime and beginTime to find response time? on Splunk Search. 01-23-2017 08:53 AM
- Posted Re: How to find difference between endTime and beginTime to find response time? on Splunk Search. 01-23-2017 07:01 AM
- Posted How to find difference between endTime and beginTime to find response time? on Splunk Search. 01-21-2017 11:52 PM
- Tagged How to find difference between endTime and beginTime to find response time? on Splunk Search. 01-21-2017 11:52 PM
- Tagged How to find difference between endTime and beginTime to find response time? on Splunk Search. 01-21-2017 11:52 PM
- Tagged How to find difference between endTime and beginTime to find response time? on Splunk Search. 01-21-2017 11:52 PM
- Tagged How to find difference between endTime and beginTime to find response time? on Splunk Search. 01-21-2017 11:52 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
02-03-2017
06:19 AM
Thanks for the answer.
... View more
02-02-2017
02:20 PM
Hi,
I have Siebel logs like below:
event 1:
MessageFlow MsgFlowDetail 4 00005609588f0d40:0 2017-01-30 09:38:48 7676: Returned from SessionHandleMsg(200) for task 27263382, pErrStack = 0x2a2d6bf0
..
.. (after few events)
event n:
MessageFlow MsgFlowDetail 4 00005609588f0d40:0 2017-01-30 09:38:47 7676: Calling SessionHandleMsg(200) for task 27263382, pErrStack = 0x2a2d6bf0
I need to extract the timestamp and find difference to get response time data.
Thanks
... View more
01-23-2017
09:32 AM
Thank you! Appreciate, I got response_time now.
Response times are format x.xxxxxx. I want to display x.xxx, how this could be done?
... View more
01-23-2017
09:22 AM
Hi,
I tried below query:
base search | rex "beginTime=(?[^;]+);endTime=(?[^;]+)" | eval response_time=strptime(endTime,"%Y-%m-%d %H:%M:%S.%3N") - strptime(beginTime,"%Y-%m-%d %H:%M:%S.%3N") | table response_time, beginTime
Result: response_time column is blank, beginTime has data
... View more
01-23-2017
09:02 AM
Hi,
could you provide the updated query? I don't see updated query in your previous commet
... View more
01-23-2017
08:53 AM
Hi,
base search | head 10 | table beginTime endTime result is displaying beginTime and endTime in table without any issues. However, I tried 2nd query you provided and not getting values in response_time column.
Please let me know if you need info here. Appreciate you time!
... View more
01-23-2017
07:01 AM
Hi,
Thanks for you time. I tried and I got blank data in response_time. You have assumed endTime and beginTime are extracted, I want to make sure how our log looks. Below is the sample log:
timestamp=2017/01/20 14:24:48.335;resource=;beginTime=2017/01/20 14:24:48.288;endTime=2017/01/20 14:24:48.335;generateRecord=True;os=Longhorn;gmtOffset=-0500;
taxonomyNodeGuid=;topicName=;transId=ddb4kbc4-2rc4-4265-9484-6be12b4ca0ef;sessionId=c99r725c-aa5c-4553-9ddb-5f74e3543e36;researchThreadId=60552351-f47f-49fc-a2f6-eba5hf521033;.....
beginTime and endTime field type are "string" as seen in AllFields window. I see no data in response time column for below query:
base search| eval response_time=strptime(endTime,"%Y-%m-%d %H:%M:%S.%3N") - strptime(beginTime,"%Y-%m-%d %H:%M:%S.%3N") | table response_time, beginTime, endTime
... View more
01-21-2017
11:52 PM
In logs we have endTime and beginTime, the difference of these timings gives response time of that event. Format of beginTime and endtime are %Y-%m-%d %H:%M:%S.%3N (eg. 2017/01/20 14:24:48.288).
Could some explain how to find difference of these timing variables of same event?
... View more
