×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
roshankandeIntu
Loves-to-Learn Lots
Member since: ‎11-03-2022
‎11-03-2022
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-03-2022
View All

Find time difference between two events with diffe...

by in Splunk Search
‎11-03-2022 06:34 AM
‎11-03-2022 06:34 AM
Hey splunk community! I need to create a search query to find instances where the time between a "Cache set' log from my application and a "Cache miss" log is not equal to a certain value(The configured TTL), for any cache key. I've attempted starting with a particular key(sampleKey) but the end goal is to tabularize these results for all keys. Here's my attempt to calculate the time difference for a sampleKey, between the set and miss times : index= authzds-e2e* "setting value into memcached" "key=sampleKey" [search index=authzds-e2e* "Cache status=miss" "key=sampleKey" | stats latest(_time) as missTime ] | stats earliest(_time) as setTime| eval timeDiff=setTime-missTime My goal is to calculate the difference between consecutive set and miss events, key-wise (not earliest/latest as in the above query) ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎11-03-2022 01:18 PM