Is it possible to calculate all the durations between subevents in a transaction? For example:
Here's the search:
index=citrix source="C:\Temp\tslogon_log.txt" | transaction UserName host startswith="STARTED" endswith="FINISH"
...and output
We would like to calculate the time difference between all steps in the transaction: between Started and Step1_Complete, then Step1_Complete and Step2_Complete, etc. All those differences should add up to the 2.39 seconds Splunk calculated for the overall transaction. Any ideas?
Thanks!