Skip to main content


Splunk Lantern

Payment SLA amounts

You might want to know the amounts involved in payment processes that didn't meet their SLA when doing the following:


In order to execute this procedure in your environment, the following data, services, or apps are required:


A key KPI in the financial industry is how many transactions met SLAs and did not meet SLAs for duration/response time. Payments that take too long to process may be subject to fines and cause customer dissatisfaction. Seeing the affected monetary values for such payments can help drive an organization to take action.

To optimize the search shown below, you should specify a time range.  You may also need to adjust fields to match what is available in your data source. 

  1. Run the following search:
    |sourcetype=<payment processing data>
    |eval _time=strptime(_time, "%Y/%m/%d %H:%M:%S")
    |sort _time
    |stats count first(amount) AS amount  first(_time) AS first last(_time) AS last BY sessionID
    |where count>1
    |eval duration=last-first
    |rangemap field=duration Met_SLA=1-1500 Near_SLA=1501-2200 Missed_SLA=2201-10000 default=Missed_SLA
    |chart sum(amount) AS TotalAmount BY range
    |eval TotalAmount=tostring(TotalAmount,"commas")

Search explanation

The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.

Splunk Search Explanation
|sourcetype=<payment processing data> Search only your payment processing data.
|eval _time=strptime(_time, "%Y/%m/%d %H:%M:%S") Parse the time stamp into a UNIX time value.
|sort _time Sort the results from oldest to newest.
|stats count first(amount) AS amount  first(_time) AS first last(_time) AS last BY sessionID Display the amounts processed, as well as the times of the payment request and response. Then group the payments by their unique identifier.
|where count>1 Filter results to those where the count is greater than 1.
|eval duration=last-first Create a duration field that is equal to the last minus first time.
|rangemap field=duration Met_SLA=1-1500 Near_SLA=1501-2200 Missed_SLA=2201-10000 default=Missed_SLA Set ranges for payment durations that missed SLA, met SLA, and nearly missed SLA.
|chart sum(amount) AS TotalAmount BY range Display the total monetary amount for the transactions that fall into each range.
|eval TotalAmount=tostring(TotalAmount,"commas") Convert the total amount to a string rounded to two values, using a comma when needed. 


Visualizing the total monetary value of payments that did not meet your service level agreements due their long durations can help speed up investigations into why. Knowing the value of payments that were processed and missed SLAs, met SLAs, and nearly missed SLAs is a KPI to monitor for payments processing. 

  • Was this article helpful?