stackoom
  简体   繁体   中英

Splunk query for time difference between 2 log statements

 原文  2015-01-15 03:29:34       logging/ splunk

Question

I have 2 methods that logs message ID. The first method is JMS producer and the second method is JMS consumer. When messages are in the queue for a long time, then I need to print the message ID that were in the queue for more than 20 seconds. 

 Log statements:

JMSProducer: MessageId=123
JMSProducer: MessageId=456

JMSConsumer: MessageId=123
JMSConsumer: MessageId=456

Using the timestamp at which they get logged, I need to run a report to give me the timestamp difference greater than 20 seconds.

How do I write a Splunk query for it?

The output should be message ID and timestamp difference in milliseconds or seconds.

1 answers

solution1
 1 ACCPTED  2015-01-21 21:24:42

Use transaction to tie the two log messages together, and it will give you a duration field.

search here | transaction MessageId | where duration > 20 | | transaction MessageId | where duration > 20 | other operations here such as stats

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Finding avg response time using splunk query Splunk Log - Date comparison What is the difference between .log and .txt? Difference between AsyncLogger and AsyncAppender in Log4j2 What is difference between Value Log and Audit? difference between exponential and log functions for numpy and math What is the difference between log4net and ELMAH? log analyze: finding lines by time difference what's the difference between .out and .log file Log4j- difference between Configuration and Level
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM