想要获取Splunk 的latency time,只需要知道_indextime 和 _time就可以了,latency = _indextime- _time
可以直接用query在Splunk查询:
1.index=app host="****" | eval diff= _indextime – _time| search diff>60| stats count, avg(diff), min(diff), max(diff) by host
2.index=app host="****" | eval diff= _indextime – _time | eval indextime=strftime(_indextime,"%Y-%m-%d %H:%M:%S") |eval capturetime=strftime(_time,"%Y-%m-%d %H:%M:%S") | table indextime capturetime diff
原创文章,作者:kepupublish,如若转载,请注明出处:https://blog.ytso.com/191721.html