I want to find the time difference between the transactions,display as a chart
My data will look like this
Mon Sep 24 11:00:30 CDT 2012,xxx,START
Mon Sep 24 11:00:31 CDT 2012,xxx,COMPLETION: Succeeded
so what i need is (11:00:30-11:00:31) is 01 seconds
Plz Help
I used the search command as
source="task"|transaction task_action startswith=START endswith=Succeeded|Table_time task_action duration
90% of the result is coming correct ..
but for some case the result is not an exact difference
Have a look at the duration
field which is created by the transaction
command, it should be precisely what you need.
You might check that your time extractions are correct. If Splunk's interpretation of each event's time is incorrect, that could lead to the duration field being incorrect.
Well, you need to check what is causing this problem - the functionality is there, so...
I used the duration also but since i got wrong results for some cases