Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to display time parameters (start time, end time, total duration) of a transaction?

hemanath_ofc
Explorer
‎10-30-2014 02:15 PM

10/21/14 13:17:08.747 SERIAL ZPIMXTerminal.Send Start
10/21/14 13:17:08.747 SERIAL SerialComClass:**NOTICE: Serial Port cleared OK
10/21/14 13:17:08.809 **SERIAL GetAckNak Sent: [00]
10/21/14 13:17:08.840 WLL-EX CCTX_POS_GET_TenderTypeStatus = 0

10/21/14 13:17:08.919 SERIAL SerialComClass:****NOTICE: Serial Port cleared OK
10/21/14 13:17:08.919 SERIAL Send Msg() >
10/21/14 13:17:08.981 SERIAL GetAckNak Recv: [00]

10/21/14 13:17:09.090 WLL-EX CCTX_OS_GET_TypeStatus = 0

10/21/14 13:17:09.090 SERIAL SerialComClass:**NOTICE: Serial Port cleared OK
10/21/14 13:17:09.153 **SERIAL GetAckNak Recv: [00]
10/21/14 13:17:09.262 SERIAL SerialComClass:****NOTICE: Serial Port cleared OK
10/21/14 13:17:08.747 SERIAL ZPIMXTerminal.Send Start

in above log.. i formed a transaction using "transaction startswith="ZPIMXTerminal.Send Start" endswith="ZPIMXTerminal.Send Start"

but I'm not sure how to display time parameters. I would like to see start time of transaction, end time of transaction and total duration. Along with that, I wanted to display the start and end time of "GetAckNak " in a table. Can anyone help?

0 Karma
Reply

vasanthmss
Motivator
‎10-30-2014 03:26 PM

transaction startswith="ZPIMXTerminal.Send Start" endswith="ZPIMXTerminal.Send Start"|eval starttime=_time|eval endtime=_time+duration

If you want to convert time to human readable format use this
|convert ctime(starttime) ctime(endtime)

V
Reply

hemanath_ofc
Explorer
‎10-30-2014 11:03 PM

Thanks Vasanth..

But can i find the duration of different event within a transaction.

for expample : time between
SERIAL GetAckNak Sent: [00]

SERIAL GetAckNak Recv: [00]

0 Karma
Reply

vasanthmss
Motivator
‎11-18-2014 04:40 PM

Add a transaction command next to earlier one based on your req.

V
0 Karma
Reply

vasanthmss
Motivator
‎12-12-2014 10:39 AM

Is it working?

V
0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to Officially Supported Splunk ...