Hi Experts,
I have data set like below from same index but from different sourcetype, common field on which I can join is aapid, app_id. I want to only show those app id which take more than 20 min time for approval .On the below sample data set I am expacting a table like below.
Appid,Created time , Approved time ,totoal_time
12345,18/Oct/2018 05:06:02,18/Oct/2018 05:40:02,34min
Sourcetye=created
date,status,appid
18/Oct/2018 05:05:02,created,1234
18/Oct/2018 05:06:02,created,12345
18/Oct/2018 05:07:02,created,123456
Sourcetye=approved
date,status,app_id
18/Oct/2018 05:25:02,approved,1234
18/Oct/2018 05:40:02,approved,12345
Regards
VG
↧