About sai91603

sai91603 · ‎05-02-2021

Thanks @ITWhisperer ,it's working like a charm.

sai91603 · ‎05-01-2021

Thanks for the response @ITWhisperer . No, i need the time difference between the last two events(latest events). Means if i have two events in the morning, which is similar to two events in the afternoon, I need to calculate the time difference between the latest events(afternoon events) I can provide you with the logs if you didn’t get it and thanks for correcting the query.

sai91603 · ‎04-30-2021

Hi , I am creating a dashboard where it should show the time difference between two latest events, since all the events look alike, I do not want splunk to pickup the old events timestamps and compare with the new one. I tried using dedup and it is showing only for one particular day even though I selected a range of dates. Query: index=i01_prd ("ProcessBatch" AND "Total Processed") OR (ProcessBatch BEGIN - ProcessBatch.doWork) | bucket _time span=1d as day | stats earliest(_time) as First latest(_time) as Last by day | eval DurationInMinutesDeci=round((Last - First)) | eval day=strftime(day,"%m/%d/%y") | eval Last=strftime(Last,"%S") | eval First=strftime(First,"%S") | rename Last as "Last_ss" | rename First as "First_ss" | rename DurationInMinutesDeci as Seconds | rename _time as exacttime | rename day as _time | table _time, Seconds

Posts	3
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎04-30-2021

Online Status	Offline
Date Last Visited	‎05-02-2021 03:51 PM

Remove identical events and keep the latest in the...

Re: Remove identical events and keep the latest in...

Re: Remove identical events and keep the latest in...

Remove identical events and keep the latest in the...