Hi expert, currently I am study Splunk and have some question, could you help me to resolve them? Thank you in advance.
22-Apr-2016 12:04:56.213 **start-1**
22-Apr-2016 12:04:57.228 -exec_1
22-Apr-2016 12:04:58.123 -exec_2
22-Apr-2016 12:04:59.957 -exec_3
22-Apr-2016 12:05:00.854 -exec_4
22-Apr-2016 12:05:01.364 -exec_5
22-Apr-2016 12:05:02.951 **end-1**
22-Apr-2016 12:05:03.665 **start-2**
22-Apr-2016 12:05:04.751 -exec_1
22-Apr-2016 12:05:05.598 -exec_2
22-Apr-2016 12:05:06.165 **end-2**
22-Apr-2016 12:05:07.977 **start-1**
22-Apr-2016 12:05:08.315 -exec_1
22-Apr-2016 12:05:09.671 -exec_2
22-Apr-2016 12:05:10.139 **end-1**
As above example, I want to calculate only between **start-1** and **end-1** all -exec_\* (\*=1, 2, 3, ...) execute time, how can I do?
Currently I know can use '*transaction source startswith="start-1" endswith="end-1"*' to group them, but I don't know how to calculate the all -exec_\* (\*=1, 2, 3, ...) execute time?
I want to the result like:
-exec_1 0.895 (22-Apr-2016 12:04:58.123 - 22-Apr-2016 12:04:57.228)
-exec_1 1.356 (22-Apr-2016 12:05:09.671 - 22-Apr-2016 12:05:08.315)
-exec_2 1.834 (22-Apr-2016 12:04:59.957 - 22-Apr-2016 12:04:58.123)
-exec_2 0.468 (22-Apr-2016 12:05:10.139 - 22-Apr-2016 12:05:09.671)
-exec_3 0.897 (22-Apr-2016 12:05:00.854 - 22-Apr-2016 12:04:59.957)
-exec_4 0.510 (22-Apr-2016 12:05:01.364 - 22-Apr-2016 12:05:00.854)
-exec_5 1.587 (22-Apr-2016 12:05:02.951 - 22-Apr-2016 12:05:01.364)
↧