HI all.
I am trying to set up a timeline application in splunk, but I get strange results.
My query looks like this:
| eval dayofweekfull = strftime (Start, "% A")
| eval duration = round (End-Start) * 1000
| rename Start AS _time
| stats count by _time, duration, dayofweekfull
| table _time dayofweekfull duration
As a result, the timeline is not entirely true. I need to get a table by day of the week, but they are not displayed correctly.
![alt text][1]
My data is:
![alt text][2]
[1]: /storage/temp/275768-снимок-экрана-2019-10-02-в-211705.png
[2]: /storage/temp/275769-снимок-экрана-2019-10-02-в-211735.png
↧