Hello there,
If this is what you wanted, follow the steps :
*Logs used :
Use this query to get only the logs that has the label STATUS, and only the values START and END :
{job="test"} |= "STATUS" |~ "START|END" | pattern `<DATE> TID=<TID> EXPID=<EXPID> TASK=<TASK> STATUS=<STATUS> EPOCH=<EPOCH>`
Then, do these transformations :
- Extract the labels to field.
- Group by the IDs and get the “All values” of the EPOCH, STATUS and the "Last
value of the DATE (“Last” is the date of the task with STATUS=START).
- Filter out the lines to retain only the tasks that succeeded (have both END and START status).
- Extract the epoch array to fields.
- Calculate the diff between the epochs (“0” is the END, “1” is the START).
- Filter out the unnecessary fields.
Hope this helps!