Looking for help coming up with search to calculate the total duration there were events in a given time period - essentially a reflection (for the given use case) for how much time was the user actively doing something.
So if user A logged in at 11 am, did 5 things between 11 and 11:01, nothing between 11:01 and 11:03 and then again between 11:03 and 11:04 did 10 things, 11:04 to 11:05 did 3 things, then in total the user was active for 3 out of the 5 mins. Only care about 1 minute granularity.
I'm using transaction with maxpause of 60s to represent "inactivity" for a certain time period and then aggregate "duration" to get active_time
| transaction USER_ID maxpause=65s | stats sum(duration) as dur | eval active_time = dur/60
Looking for other ideas, techniques to approach this
↧