vovamil.blogg.se

Calculate end time splunk transaction












Concurrency measures the number of events which have spans that overlap with the start of each event. Alternatively, this measurement represents the total number of events in progress at the time that each particular event started, including the event itself. This command does not measure the total number of events that a particular event overlapped with during its total span.

Required arguments

duration
Syntax: duration=
Description: A field that represents a span of time. This field must be a numeric with the same units as the start field. For example, the duration field generated by the transaction command is in seconds (see Example 1), which can be used with the default of _time which is also in units of seconds.

Optional arguments

start
Syntax: start=
Description: A field that represents the start time.
Default: _time

output
Syntax: output=
Description: A field to write the resulting number of concurrent events.

The concurrency command is a dataset processing command. See Command types.

An event X is concurrent with event Y if X.start is between Y.start and (Y.start + Y.duration)

If your events have a time that represents event completion and a span that represents the time before the completion, you need to subtract duration from the start time before the concurrency command:

    |eval new_start = start - duration | concurrency start=new_start duration=duration

Limits

There is a limitation on quantity of overlapping items. If the maximum tracked concurrency exceeds max_count, from the stanza in nf, a warning will be produced in the UI / search output, and the values will be clamped, making them potentially inaccurate. This limit defaults to 10000000 or ten million.

Basic examples

1. Determine the number of overlapping HTTP requests

Determine the number of overlapping HTTP requests outstanding from browsers accessing splunkd at the time that each http request begins.

This relies on the fact that the timestamp of the logged message is the time that the request came in, and the 'spent' field is the number of milliseconds spent handling the request.
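
A small Python model of the concurrency count described on this page, added here as an illustration and not taken from the original page or from Splunk's code: it counts the events in progress at each event's start, applies the end-time adjustment (new_start = start - duration) and clamps at max_count. The parameters duration_scale and timestamp_is_end, the half-open overlap test and the sample events are assumptions of this example.

```python
from bisect import bisect_right

def concurrency(events, start="_time", duration="duration", output="concurrency",
                duration_scale=1.0, timestamp_is_end=False, max_count=10_000_000):
    """Model of `concurrency`: events in progress at each event's start, itself included.

    duration_scale and timestamp_is_end are this example's own knobs (hypothetical,
    not options of the Splunk command). Returns (events_with_output_field, clamped).
    """
    spans = []
    for ev in events:
        dur = float(ev[duration]) * duration_scale   # bring duration into start's units
        if dur < 0:
            raise ValueError(f"negative duration in event: {ev!r}")
        begin = float(ev[start])
        if timestamp_is_end:                          # same as: eval new_start = start - duration
            begin -= dur
        spans.append((begin, begin + dur))

    starts = sorted(b for b, _ in spans)
    ends = sorted(e for _, e in spans)
    clamped = False
    out = []
    for ev, (begin, end) in zip(events, spans):
        # Y overlaps X's start when Y.start <= X.start < Y.start + Y.duration
        # (half-open interval: an assumption; the page only says "between").
        count = bisect_right(starts, begin) - bisect_right(ends, begin)
        if end == begin:                              # zero-length event still counts itself
            count += 1
        if count > max_count:                         # mirror the documented clamping
            count, clamped = max_count, True
        out.append({**ev, output: count})
    return out, clamped

# Constructed sample: HTTP access events, _time in epoch seconds, spent in milliseconds.
SAMPLE = [
    {"_time": 100.0, "uri": "/a", "spent": 5000},   # 100.0 - 105.0
    {"_time": 101.0, "uri": "/b", "spent": 500},    # 101.0 - 101.5
    {"_time": 102.0, "uri": "/c", "spent": 4000},   # 102.0 - 106.0
    {"_time": 104.0, "uri": "/d", "spent": 0},      # instantaneous
    {"_time": 107.0, "uri": "/e", "spent": 1000},   # 107.0 - 108.0
]

if __name__ == "__main__":
    rows, clamped = concurrency(SAMPLE, duration="spent", duration_scale=0.001)
    for r in rows:
        print(r["_time"], r["uri"], r["concurrency"])
    print("clamped:", clamped)
```

Passing timestamp_is_end=True treats each timestamp as the completion time, which changes the counts for the same events; a clamped result of True corresponds to the case where the page warns that values may be inaccurate.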













