zoneshilt.blogg.se

Splunk transaction timestamps events





VacuumTask | 03-04-2020 08:00 am | 03-05-2020 08:00 am. The transaction command finds transactions based on events that meet various constraints. VacuumTask | 03-04-2020 08:00 am | 03-05-2020 08:00 am | 24 hours | 10 | 55. But also I have more functions like this for other features, so my end table would look like this: Function | Startime | Endtime | TimeProcessing | ServerCount. Timestamps are used to: Correlate events by time. Additionally, the transaction command in Splunk adds two fields to the raw events, duration and eventcount.


When I do 'transaction dcn', I get the results properly with evntts grouped together. If events don't contain timestamp information, Splunk software assigns a timestamp value to the events when data is indexed. There is only a single event in Splunk Web it is showing, but when I am checking the timestamp field with. I am looking for a result like this: Function | Startime | Endtime | TimeProcessing | ServerCount | DB Count

index="someindex" | sort +evntts | transaction dcn,evntts keepevicted="t" | table dcn,time,evntts


I have multiple events in a server that I would like to get the timestamp from the very first transaction and the timestamp from the very last transaction for each feature, then get the timestamp difference between them in hours, in a table format.





