I'm trying to calculate the amount of concurrent calls per minute or another time span (e.g. 5 minutes, ...). I'm using the concurrency function to achieve that. There's one problem though: The function only considers events to calculate the amount of concurrent calls but I would like to sample every minute.
My json records contain a **_time** and a **call_duration**. My current query looks as follows
index=myIndex source=test11 | fields + call_duration | fields - _raw | concurrency duration=call_duration | timechart max(concurrency) as "Simultaneous calls" span=1m
The data is as follows:
![alt text][1]
The resulting chart:
![alt text][2]
The concurrent calls from 7:10:00 to 7:11:00 would be 1 but are shown as 2, because no event occurs during that time. I can't add fake events because then there would be 1 call at that time. So is there a possibility to sample every minute with the concurrency call?
The same effect happens from 7:20 to 7:30. There is only 1 call at that time but the graph shows 2, because of the surrounding data points.
[1]: /storage/temp/274864-splunk-concurrency-data.png
[2]: /storage/temp/274863-splunk-concurrency.png
↧