Splunk – Transaction to calculate start and end time of component

by Steve • October 19, 2017 • 0 Comments

host=cmhlpecomecm* EOMReservationService AND (started OR ended) 
  | eval tmp=split(_raw," ") 
  | eval thread=mvindex(tmp,5) 
  | transaction thread startswith="started" endswith="ended"
  | timechart span=1h avg(duration) median(duration)

The query above results in the following output on the Events tab of the UI…

…and the following graph on the Visualization tab of the UI…

← C# – Write file on client and read same file from inside the database

Programatically gathering a thread dump →

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Post navigation

Leave a Reply