This documentation does not apply to the most recent version of Splunk Stream™.
For documentation on the most recent version, go to the latest release.
Download topic as PDF
Stream field details
This topic provides information about the specific protocol fields captured by Splunk App for Stream.
Latency information
Field | Description |
---|---|
time_taken | The event duration in microseconds, i.e. time difference between timestamps of the last and first packets that comprise an event plus client_rtt time (if applicable for that protocol). For example, for HTTP request/response event (sourcetype=stream:http) a first packet is the first request packet and the last packet is either the last response packet or the client ack packet acknowledging the last response packet, if captured. For a “flow” event (tcp or udp) the first and last packets are the first and last packets in the entire flow, respectively. |
Field | Description |
---|---|
client_rtt | The average round trip time in microseconds from the client to the point of capture — calculated based on a complex algorithm involving correlating data packet timestamps with corresponding acknowledgment packet timestamps. |
server_rtt | The average round trip time in microseconds from the server to the point of capture — calculated based on a complex algorithm involving correlating data packet timestamps with corresponding acknowledgment packet timestamps. |
Field | Description |
---|---|
request_time | The number of microseconds that it took the client to send the request, i.e. time difference between last and first request data packets (0 if request fits in a single packet). |
response_time | Similar to request time, but for the server response data. |
reply_time | The number of microseconds between the last request packet and the first response packet. |
request_ack_time | The time difference between the last request packet and the ACK packet from the server acknowledging the last request packet. |
response_ack_time | Similar to request_ack_time, but timing the acknowledgment of the last response packet. |
Last modified on 08 June, 2016
PREVIOUS Configure Streams |
NEXT Stream aggregation methods |
This documentation applies to the following versions of Splunk Stream™: 6.6.0, 6.6.1, 6.6.2
Feedback submitted, thanks!