Determining concurrency

Determining the number of users currently using a system is difficult, particularly if the log does not contain events for both the beginning and the end of a transaction. With web server logs in particular, it is not quite possible to know when a user has left a site. Let's investigate a couple of strategies for answering this question.

Using transaction with concurrency

If the question you are trying to answer is—how many transactions were happening at a time?, you can use transaction to combine related events and calculate the duration of each transaction. We will then use the concurrency command to increase a counter when the events start, and decrease when the time has expired for each transaction. Let's start with our ...

Get Implementing Splunk - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Implementing Splunk - Second Edition by Vincent Bumgarner, James D Miller

Determining concurrency

Using transaction with concurrency

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly