Below is a sample transaction ID having multiple events, of which 2 specific events are as follows:
{
Date_time: 22/02/2017 18:55:51
transaction_id: 87873
component: ula
redirect-url="http://someURL"
logpoint: response_out
}
{
Date_time: 22/02/2017 18:55:56
transaction_id: 87873
component: ula
request_uri="/xyz"
logpoint: request_in
}
If there are millions of such different transaction IDs, each having the same 2 events above, then I need to calculate the avg. time duration between these 2 specific events for the same transaction ID.
I have prepared the search below but am not sure if this gives me the avg. duration between the 2 events of the same transaction_id:
index=ABC | transaction startswith=(component=ula AND logpoint="response_out" AND redirect-url="http://someURL")
endswith=(component=ula AND logpoint="request_in" AND request-uri="/xyz")|dedup transaction_id | timechart span=1h avg(duration)
Another requirement is to find data in tabular format giving the time duration between these 2 specific events against the transaction_id in a log of million transaction ids ordered by maximum duration in descending order:
E.g.
transaction_id duration(in sec)
87873 5
4323344 3
7676442 2
5645625 1
......
5657354 0.5
Appreciate a quick response for the 2 searches requested.
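The calculation requested above, written out as an added Python reference example (not part of the original post and not a Splunk search), useful for checking a search's output against a small exported sample. It assumes the events are already parsed into dicts with the field names shown in the post; all events other than the two for transaction 87873 are constructed.

```python
from datetime import datetime
from statistics import mean

FMT = "%d/%m/%Y %H:%M:%S"  # Date_time layout used in the post's sample events

def ev(ts, tid, logpoint, **extra):
    """Build one event dict; component is always 'ula' as in the post."""
    return {"Date_time": ts, "transaction_id": tid, "component": "ula",
            "logpoint": logpoint, **extra}

# Constructed sample; only transaction 87873 mirrors the post.
EVENTS = [
    ev("22/02/2017 18:55:51", "87873", "response_out", **{"redirect-url": "http://someURL"}),
    ev("22/02/2017 18:55:56", "87873", "request_in", request_uri="/xyz"),
    ev("22/02/2017 18:56:00", "4323344", "response_out", **{"redirect-url": "http://someURL"}),
    ev("22/02/2017 18:56:01", "4323344", "request_in", request_uri="/other"),  # unrelated, ignored
    ev("22/02/2017 18:56:03", "4323344", "request_in", request_uri="/xyz"),
    ev("22/02/2017 18:57:00", "999", "response_out", **{"redirect-url": "http://someURL"}),  # never ends
]

def is_start(e):
    return (e.get("component") == "ula" and e.get("logpoint") == "response_out"
            and e.get("redirect-url") == "http://someURL")

def is_end(e):
    return (e.get("component") == "ula" and e.get("logpoint") == "request_in"
            and e.get("request_uri") == "/xyz")

def durations(events):
    """Seconds from the first start event to the first later end event, per transaction_id."""
    start, result = {}, {}
    for e in sorted(events, key=lambda e: datetime.strptime(e["Date_time"], FMT)):
        tid, ts = e["transaction_id"], datetime.strptime(e["Date_time"], FMT)
        if is_start(e):
            start.setdefault(tid, ts)           # keep the earliest start only
        elif is_end(e) and tid in start and tid not in result:
            result[tid] = (ts - start[tid]).total_seconds()
    return result                               # incomplete transactions are left out

def report(events):
    """Rows sorted by duration descending, plus the average over completed transactions."""
    d = durations(events)
    rows = sorted(d.items(), key=lambda kv: kv[1], reverse=True)
    return rows, (mean(d.values()) if d else None)

if __name__ == "__main__":
    rows, avg = report(EVENTS)
    print("transaction_id\tduration(in sec)")
    for tid, secs in rows:
        print(f"{tid}\t{secs:g}")
    print("average:", avg)
```

Transactions that have a start event but no matching end event are excluded from both the table and the average, which is the behaviour to compare against when validating a search.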