Hi Guys,
I am very new to Splunk and operating on the following data. I want to retrieve SQL queries which take more than 4 secs. My data looks like this,
How can I use the > or < operator to retrieve data which has a Query_time value of more than 4 secs?
First make sure you have the query time extracted as a field. See the following section in the docs: http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Addfieldsatsearchtime
Then you can just do
query_time>4
in your search.
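The two steps from the answer above in one search, as an added example that is not part of the original posts. The poster's sample data is not shown on the page, so the three events are constructed and their "Query_time: <seconds>" layout is an assumption. The extracted field is named query_time to match the answer's search term; Splunk field names are case-sensitive.

```spl
| makeresults count=3
| streamstats count AS n
``` constructed sample events; the line layout is an assumption ```
| eval _raw=case(
    n==1, "# Query_time: 6.214  Lock_time: 0.000 Rows_sent: 1  Rows_examined: 120000",
    n==2, "# Query_time: 0.532  Lock_time: 0.000 Rows_sent: 10  Rows_examined: 40",
    n==3, "# Query_time: 4.000  Lock_time: 0.001 Rows_sent: 0  Rows_examined: 9")
``` search-time extraction of the number after "Query_time:" ```
| rex field=_raw "Query_time:\s+(?<query_time>\d+(?:\.\d+)?)"
``` strictly greater than 4: keeps event 1 only, event 3 (exactly 4.000) is dropped ```
| search query_time>4
| table n query_time _raw
```

On real data, replace the first three commands with the index and sourcetype that hold the logs and keep the rex and search lines.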