Solved: show transactions that are taking 20% more time th...

thirumalreddyb · ‎02-28-2013

Hi splunkers, I came across a situation where

1) I have to find out transactions that are taking 20% more time than average transaction time of previous year.
2) compare the transactions with same TXN_NAME in the current year and the previous year.

Current year log : 28/02/2013 12:31:15 TXN_NAME=JOB8607J TXN_ID=8483D START-TIME=28/02/2013 12:31:15 END-TIME=28/02/2013 12:35:17 TXN-TIME=4.03 CPU-TIME=2.25

last year log : 2/07/2012 2:31:19 TXN_NAME=JOB8607J TXN_ID=8102D START-TIME=2/07/2013 2:31:19 END-TIME=2/07/2012 2:35:17 TXN-TIME=4.02 CPU-TIME=1.3

martin_mueller · ‎02-28-2013

You could first compute the average per TXN_NAME from the previous year and save it in a lookup table Splunk Docs and second search in current data, add the average from last year to your results, and compare the runtime to 1.2*average.

View solution in original post

martin_mueller · ‎02-28-2013

You could first compute the average per TXN_NAME from the previous year and save it in a lookup table Splunk Docs and second search in current data, add the average from last year to your results, and compare the runtime to 1.2*average.

show transactions that are taking 20% more time than previous year

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases