Channel: Questions in topic: "splunk-enterprise"

Guidance needed on how to display current waiting time by shift

I am really struggling with how to frame the question. In essence, I need to display the duration trucks spend waiting in a carpark and display the average waiting time. But this must be further split down by shift: Early is, say, 6am - 2pm, Late is 2pm to 10pm, and Nights are 10pm to 6am.

So I have used this code to determine what the current shift is, based on the hour of the day:

    | eval iHour=strftime(strptime(TIMESTAMP,"%Y-%m-%d %H:%M:%S"),"%H")
    | eval iDay=strftime(strptime(TIMESTAMP,"%Y-%m-%d %H:%M:%S"),"%Y-%m-%d")
    | eval iDay=round(strptime(iDay,"%Y-%m-%d"),0)
    | eval iDay=if(iHour>=22 AND iHour<24,iDay+86400,iDay)
    | eval shift=if(iHour>=6 AND iHour<14,"Early",if(iHour>=14 AND iHour<22,"Late","Night"))

And this for working out average queue times, but for a week:

    | dedup MANIFESTID
    | search STATE=6 AND LOADTYPE="L"
    | eval iTrkConfirmed=strptime(TIMEPARK,"%Y-%m-%d %H:%M:%S")
    | eval iTrkCallForward=strptime(TIMEDPLY,"%Y-%m-%d %H:%M:%S")
    | eval iTrkQueueTime=round((iTrkCallForward - iTrkConfirmed)/3600,2)
    | timechart span=1d avg(iTrkQueueTime) as Avg_QueueTime
    | timewrap 1w
    | foreach * [eval <<FIELD>>=round('<<FIELD>>',2)]

Both are from different searches, but I just cannot for the life of me work out how to take the salient pieces from each search to allow me to display the average wait time by shift.

Any help or pointers would be greatly appreciated. Thank you
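One way to combine the two fragments, as an added example that is not part of the original post: compute the queue time per manifest first, derive the shift from the same event, then aggregate with `stats ... by` instead of `timechart`. It assumes the shift is decided by the hour of TIMEPARK (when the truck was confirmed in the carpark) rather than TIMESTAMP, that the base search precedes the first pipe as in the post, and `shiftDay` is a field name introduced here for illustration.

```spl
| dedup MANIFESTID
| search STATE=6 AND LOADTYPE="L"
| eval iTrkConfirmed=strptime(TIMEPARK,"%Y-%m-%d %H:%M:%S")
| eval iTrkCallForward=strptime(TIMEDPLY,"%Y-%m-%d %H:%M:%S")
| eval iTrkQueueTime=(iTrkCallForward - iTrkConfirmed)/3600
| where isnotnull(iTrkQueueTime) AND iTrkQueueTime>=0
| eval iHour=tonumber(strftime(iTrkConfirmed,"%H"))
| eval iDay=relative_time(iTrkConfirmed,"@d")
| eval iDay=if(iHour>=22,iDay+86400,iDay)
| eval shiftDay=strftime(iDay,"%Y-%m-%d")
| eval shift=case(iHour>=6 AND iHour<14,"Early",iHour>=14 AND iHour<22,"Late",true(),"Night")
| stats count as Trucks avg(iTrkQueueTime) as Avg_QueueTime by shiftDay shift
| eval Avg_QueueTime=round(Avg_QueueTime,2)
| sort shiftDay shift
```

The `where` clause drops manifests with a missing or out-of-order timestamp pair so they cannot skew the average; dropping `shiftDay` from the `by` clause gives one average per shift across the whole search window.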
