Channel: Questions in topic: "splunk-enterprise"

How to edit my search to calculate the time difference between two events?

Hello Splunk'all,

I am trying to derive a simple chart from the data I have in a Splunk index. The data consists of an epoch time (field name is "**transactiontime**") and the transaction values. The transactions contain successes and failures, and every transaction has an epoch timestamp for when the transaction occurred. I am simply trying to create a graph from the data showing the time between every failure.

For example: in a day, if there are two failures, one at 3 AM and one at 8 PM, I am trying to create a graph and show the time between these two failures (which is 17 hrs).

So I took some help from a colleague of mine and got to this stage (please see below), and I am able to take two transactions into one field, but the time difference between the epoch values of the two transactions is showing wrong. Please see the search below and let me know of any missing logic I need to incorporate here:

```
index="dynatrace" transactionname="*" sort _time| search tpf > 0 | eval cvtime=strftime(transactiontime/1000, "%H:%M:%S %d-%m-%Y") | transaction host maxevents=2 | eval mdiff=round(duration)| table mdiff,cvtime,ttime
```

Thanks,
Vikram Y
