I have event data in below format:
Sep 15 2017 07:06:07 app=yahoo dataconsumed=50
Sep 15 2017 08:16:07 app=skype dataconsumed=150
Sep 14 2017 10:26:07 app=facebook dataconsumed=10
Sep 14 2017 12:26:07 app=facebook dataconsumed=5
Sep 13 2017 7:26:07 app=yahoo dataconsumed=10
Sep 13 2017 9:26:07 app=skype dataconsumed=50
Sep 12 2017 3:26:07 app=facebook dataconsumed=80
Sep 12 2017 1:26:07 app=facebook dataconsumed=0
How should I perform the following tasks:
1. For any given time range, search and split the events in to two halves of "day" or "hours" i.e if "All Time" is selected as time range using Time Picker, I should be able to split above events into two halves by day(firsthalf=sep15-sep14 and secondhalf=sep 13-sep12) or by hour(firsthalf=48hour secondhalf=48hour).
2. Then after splitting events into two halves, I must sum dataconsumed by app in both halves(events split by time) i.e
time app total_dataconsumed
---------------------------------------------------
firsthalf yahoo 50
skype 150
facebook 15
----------------------------------------------------
secondhalf yahoo 10
skype 50
facebook 80
3. Find difference between total_dataconsumed by app using firsthalf and secondhalf i.e firsthalf - secindhalf
app difference
--------------------------
yahoo 40
skype 100
facebook -65
I am still stuck on step 1, I don't seem to understand how should one split the search events into halves/spans and apply stats on both halves?
↧