Hi All, I am studying splunk recently and need help about some question, thanks.
When I want to search one key word and want to calculate the key word and next row's time, what should I do?
For example:
#1 25-Mar-2016 15:26:42.727 AAA
#2 25-Mar-2016 15:26:43.420 BBB
#3 25-Mar-2016 15:26:44.123 CCC
#4 25-Mar-2016 15:26:45.861 AAA
#5 25-Mar-2016 15:26:46.678 DDD
If I search AAA, so I can get two row(#1, #4), but I also want to get the time, like #2-#1(25-Mar-2016 15:26:43.420 - 25-Mar-2016 15:26:42.727) and #5-#4(25-Mar-2016 15:26:46.678 - 25-Mar-2016 15:26:45.861).
As a result, I can get the execute time from my key word to next row. Thank you very much.
↧