How to find start time and end time for a transaction in Splunk?

HomeMagulan Duraipandian

How to find start time and end time for a transaction in Splunk?

Magulan Duraipandian

Using max(), min() and strftime(), we can find start and end time for a transaction in Splunk.

Sample Splunk Query:

Your basic Search Query
| stats max(_time) AS tempmax, min(_time) AS tempmin 
| eval StartTime=strftime(tempmin, "%Y-%m-%dT%H:%M:%S.%Q")
| eval EndTime=strftime(tempmax, "%Y-%m-%dT%H:%M:%S.%Q") 
| table StartTime, EndTime

Leave a Reply