I have a splunk log in following format:
||pool-2-thread-1|| INFO SUCCESSFULLY COMPLETED at END_TIME: 2018-05-07T06:05:17.475Z
||pool-2-thread-1|| INFO ACTIVE at START_TIME: 2018-05-07T06:04:44.981Z
||pool-2-thread-1|| INFO SUCCESSFULLY COMPLETED at END_TIME: 2018-05-09T07:10:17.475Z
||pool-2-thread-1|| INFO ACTIVE at START_TIME: 2018-05-09T07:08:44.981Z
all the above are separate events. Now I want to get the start date and end date as follows:
startDate Enddate
-------------------------------------------------------
2018-05-09T07:08:44.981Z 2018-05-09T07:10:17.475Z
2018-05-07T06:04:44.981Z 2018-05-07T06:05:17.475Z
and I need to draw a timechart with the data. Am new to the splunk, can anyone please suggest me how can I do it.
... View more