Hi , I need to find the time difference between two events, these events are when a job on our server starts running and when it finishes. I found this answer to a very similar question https://community.splunk.com/t5/Splunk-Search/Calculate-time-difference-between-two-events/td-p/578640 but when i try this it does not show me the latency (empty). , I think it has something to do with the search words or the conditions I'm using but I am not sure. Any help is appreciated ! index="0200-pio_numb3r5_support-app" "HumanResourceImportJob" AND "transitioning from state 'Processing' to 'Succeeded'. Reason:" OR "transitioning from state 'Enqueued' to 'Processing'. Reason:" AND NOT OnStateUnapplied | where host="AUDIINSA4919" OR host="AUDIINSA4304" | stats earliest(_time) as Start_time, latest(_time) as Finished_time by host | eval Latency=tostring(Start_time-Finished_time, "duration") | table Start_time , Finished_time , Latency , host | fieldformat Finished_time=strftime(Finished_time,"%c") | fieldformat Start_time=strftime(Start_time,"%c") The output is with latency empty:
Start_time Finished_time Latency host
1
Wed May 18 03:30:08 2022
Wed May 18 03:42:47 2022
AUDIINSA4304
... View more