Each call in my application contains a unique identifier. Want to list down all the current calls which are running for more than 100 seconds in the system.
Asked
Active
Viewed 17 times
-2
-
1What does your data look like? What have you tried so far? How have those attempts failed you? – RichG Aug 22 '23 at 11:13
-
Something like this might work if your unique identifier is called transactionId: `some query | rex "transactionId=(?
[^ ]+)" | where transactionId!="" | eval time=_time | transaction transactionId | eval start=min(time) | eval end=max(time) | eval duration=end-start | where duration>100 | table start end duration transactionId` – Jerry Jeremiah Aug 24 '23 at 03:07