I am fairly new to Splunk so bear with me.
I have extracted two fields and they are ConnectTime and DisconnectTime and are consecutive in my event in that order. I want to find the difference in time between the values in both those fields. Not only that but I want to find the difference in time between both fields in **all** my events, I then want to create an alert that will notify me when the difference in time between ConnectTime and DisconnectTime is less than 2 seconds.
I am aware that the command I need to use is the "delta" command. I have visited the Splunk Knowledge Page for instructions on how to use the delta command but when I type in "| delta DisconnectTime p=1" I do not get anything in my statistics tab.
Thanks in advance
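The per-event check the question describes, as an added example that is not part of the original post and is not Splunk code: a Python script that parses constructed sample events, subtracts ConnectTime from DisconnectTime within each event, and reports the ones under the 2-second threshold (field layout, timestamp format and the events themselves are assumptions). In Splunk the same within-event subtraction is an `eval` over the two fields; `delta` instead compares one field across consecutive events.

```python
import re
from datetime import datetime

# Constructed sample events (not from the original post): each event carries
# ConnectTime followed by DisconnectTime, as the poster describes.
SAMPLE_EVENTS = [
    "host=fw1 user=alice ConnectTime=2024-03-01T10:00:00 DisconnectTime=2024-03-01T10:00:01",
    "host=fw1 user=bob ConnectTime=2024-03-01T10:05:00 DisconnectTime=2024-03-01T10:05:30",
    "host=fw1 user=carol ConnectTime=2024-03-01T10:07:10 DisconnectTime=2024-03-01T10:07:11",
    "host=fw1 user=dave ConnectTime=2024-03-01T10:09:00",  # still connected: no disconnect yet
]

# Assumed key=value extraction; \b keeps "ConnectTime" from matching inside "DisconnectTime".
FIELD_RE = re.compile(r"\b(ConnectTime|DisconnectTime)=(\S+)")
TIME_FMT = "%Y-%m-%dT%H:%M:%S"  # assumed timestamp format of both fields


def session_duration(event):
    """Seconds between ConnectTime and DisconnectTime in one event,
    or None when either field is missing or does not parse."""
    fields = dict(FIELD_RE.findall(event))
    if "ConnectTime" not in fields or "DisconnectTime" not in fields:
        return None
    try:
        connect = datetime.strptime(fields["ConnectTime"], TIME_FMT)
        disconnect = datetime.strptime(fields["DisconnectTime"], TIME_FMT)
    except ValueError:
        return None
    return (disconnect - connect).total_seconds()


def short_sessions(events, threshold=2.0):
    """The alert condition: events whose session lasted less than `threshold` seconds.
    Returns a list of (event, duration) pairs; events without both fields are skipped."""
    hits = []
    for ev in events:
        duration = session_duration(ev)
        if duration is not None and duration < threshold:
            hits.append((ev, duration))
    return hits


if __name__ == "__main__":
    for ev, duration in short_sessions(SAMPLE_EVENTS):
        print(f"ALERT session lasted {duration:.0f}s: {ev}")
```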