Hello everyone, beginning on Splunk and asking for your help
I've got something like this in my transaction :
Event 1 :
9:00:00 Start and 11:00:00 Stop
Event 2 :
10:00:00 Start and 11:30:00 Stop
Event 3 :
13:00:00 Start and 14:00:00 Stop
Event 4 :
13:20:00 Start and 13:40:00 Stop
I want to determine the duration of how long were my events combined ON START during the day.
This means we need AT LEAST ONE transaction on START for the duration to grow.
In our case :
9:00 until 11:30 and 13:00 until 14:00 = 3 hours and 30 minutes in total.
So I would like to get 3.5 hours as a result when I have something like what I just showed.
I hope this is not too confusing
Looking forward to your answers
Thanks
↧