How to find start time and end time for a transaction in Splunk?

HomeInfallibleTechie Admin

How to find start time and end time for a transaction in Splunk?

InfallibleTechie Admin

Using max(), min() and strftime(), we can find start and end time for a transaction in Splunk.

Sample Splunk Query:

Your basic Search Query
| stats max(_time) AS tempmax, min(_time) AS tempmin 
| eval StartTime=strftime(tempmin, "%Y-%m-%dT%H:%M:%S.%Q")
| eval EndTime=strftime(tempmax, "%Y-%m-%dT%H:%M:%S.%Q") 
| table StartTime, EndTime

Leave a Reply