×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
algol2
Engager
Member since: ‎03-21-2023
‎03-22-2023
Community Statistics
Posts 2
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎03-21-2023
View All

Re: Can't get transaction to work when finding tim...

by in Splunk Search
‎03-21-2023 06:14 PM
‎03-21-2023 06:14 PM
Hey, It certainly made a difference, the search now returns thousands of hits.  It looks like it returns the lines I want, but also everything in between, in two-line chunks. I removed the maxevents=2 argument, which reduces the hit count to 11, but Splunk is still gathering up all these extra entries that don't contain the startswith= or endswith= terms. ... View more

Why is transaction not working when finding time b...

by in Splunk Search
‎03-21-2023 04:47 PM
‎03-21-2023 04:47 PM
I'm new to Splunk, so apologies if this is a silly question. I have a log file that reads:     2023-03-22 00:57:09,517 INFO TestScript - Generating reports with date of 20230321 and thread pool size of 5 ... ... 2023-03-22 00:59:23,681 INFO MultiTestScript - Multi Test report generation completed successfully!       and I am trying to extract the elapsed time between these two events. If I try this search     <search terms> | transaction startswith="Generating reports" endswith="report generation completed"       I get no results found.   If I search for the two halves of the transaction separately, i.e.     <search terms> | transaction startswith="Generating reports"     and     <search terms> | transaction endswith="report generation completed"     the search returns the appropriate part of the log file. As soon I combine the startswith= and endswith= fields in a single search, however, I get no results.   This query works properly with another log file. The only difference I can see between the files is that the file that works contains multiple transactions (i.e. "Generating report"/"report generation completed" pairs) while the files that won't work contain only one.   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎03-22-2023 07:07 PM
Karma given to
View All