cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
sdk32
Loves-to-Learn
Member since: ‎07-16-2020
‎08-04-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎07-16-2020
View All

Re: how to use Delta with Stats command or subtrac...

by in Splunk Search
‎07-16-2020 04:16 AM
‎07-16-2020 04:16 AM
index=_internal |head 2 | fields _raw _time | streamstats count | eval _raw=if(count=1,"{id: 1 , executor: \"executor1\" , timestamp:2020-07-16T02:02:02.566}","{id: 1 , executor: \"executor2\" , timestamp:2020-07-16T02:02:02.570}") | rename COMMENT as "the logic" | rex max_match=0 "(?<fieldname>\w+):\s?(?<value>\S+)(}| )" | eval _raw=mvzip(fieldname,value,"=") | kv | eval _time=strptime(timestamp,"%FT%T.%3N") | fields - fieldname value | delta _time as time_diff | fillnull time_diff | table id executor timestamp time_diff | rename executor as "executors" ,timestamp as logtime ,time_diff as "time difference" ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-04-2020 02:58 AM