×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
sdk32
Loves-to-Learn
Member since: ‎07-16-2020
‎08-04-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎07-16-2020
View All

how to use Delta with Stats command or subtract li...

by in Splunk Search
‎07-16-2020 03:17 AM
‎07-16-2020 03:17 AM
hi Every one i am new to splunk , but here my query goes: Sample Data and json :  {id: 1 , executor: "executor1" , timestamp:2020-07-16T02:02:02.566} {id: 1 , executor: "executor2" , timestamp:2020-07-16T02:02:02.570} now my requirement is to group and list the data by id  and also calculate the timestamp difference between executor1 and executor 2 (as they are sequential steps and logging is also done sequentially) so i did  " stats list(executor)  as executors , list(timestamp) as logtime by id " . and the table comes like this:- id | executors | logtime 1 | executor 1| 2020-07-16T02:02:02.566     | executor 2 |2020-07-16T02:02:02.570 now i want to calculate the difference between the logtime or timestamp of executors and apply it on stats command only . P.s. number of executors can increase dynamically required  result:- id | executors | logtime | time difference  1 | executor 1| 2020-07-16T02:02:02.566 | 0     | executor 2 |2020-07-16T02:02:02.570| 0.004     P.s. the above is the description of 1 row only with 4 columns thanks in advance ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎08-04-2020 02:58 AM