decompose response time

fcarre · ‎10-10-2012

I am tracking reponse time in n-tiers applications.

Let's assume that we have a client request log and a database request log. Each client request has a unique transaction_ID in the client log. The database log records 3 different requests for a single client request and specifies the transaction_ID corresponding to the client request served by the database requests.

I would like to correlate the client and database log so that I can decompose the client request time in "application time" and "database time" (sum of the 3 database request response time).

Also, I would like to drill down on the database time to see the 3 different requests.

What do you recommend ?

sdaniels · ‎10-10-2012

The transaction command may be the right approach in this case. Take a look at this previous answer which is very detailed.

http://splunk-base.splunk.com/answers/29172/transaction-problems-with-lots-of-events-and-multiple-fi...

From the docs (there are example transactions):
http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/Transaction

The Transaction profiling app might be interesting for you to look at as well.

http://splunk-base.splunk.com/apps/29011/splunk-app-for-transaction-profiling-preview

decompose response time

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms