How to generate smaller time frame events from a g...

oajengui · ‎02-26-2019

Hi everyone,
I have this current situation, I receive events that each one contain a start time and end time, the duration between start and end can be seconds, minutes or hours it depends on how long the event took time, and I would like like to split or break down each event to have multiple events for the same Initial Event ID but with 1 minute/or second duration, and I was wondering if this can be done on splunk.
Here is an example:

EventID= xxxxxxxxxxxxx StartTime=2019-02-02 15:23:12:393 UTC EndTime=2019-02-02 15:30:20:393 UTC

So the duration is around 8 minutes and I would like to have this event, 8 rows(or sub-events) for each minute of this 8 minutes duration like this :

EventID= xxxxxxxxxxxxx StartTime=2019-02-02 15:23:12:393 UTC EndTime=2019-02-02 15:24:12:393 UTC 
EventID= xxxxxxxxxxxxx StartTime=2019-02-02 15:23:12:393 UTC EndTime=2019-02-02 15:25:12:393 UTC 
EventID= xxxxxxxxxxxxx StartTime=2019-02-02 15:23:12:393 UTC EndTime=2019-02-02 15:26:12:393 UTC 
EventID= xxxxxxxxxxxxx StartTime=2019-02-02 15:23:12:393 UTC EndTime=2019-02-02 15:27:12:393 UTC 
EventID= xxxxxxxxxxxxx StartTime=2019-02-02 15:23:12:393 UTC EndTime=2019-02-02 15:28:12:393 UTC 
EventID= xxxxxxxxxxxxx StartTime=2019-02-02 15:23:12:393 UTC EndTime=2019-02-02 15:29:12:393 UTC 
EventID= xxxxxxxxxxxxx StartTime=2019-02-02 15:23:12:393 UTC EndTime=2019-02-02 15:30:12:393 UTC

...

Is it possible to do so in splunk?

Thanks in advance 🙂

How to generate smaller time frame events from a given event ?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!