Hi all,
I have the following type of data with session information:
starttime=1477419810 endtime=1477419818 count=5 user=abc
starttime=1477419811 endtime=1477419819 count=3 user=def
starttime=1477419813 endtime=1477419818 count=4 user=def
starttime=1477419814 endtime=1477419818 count=2 user=abc
The count field is the actual amount of "sessions started" by the user at "starttime" which ended at "endtime".
Now if I want to calculate the concurrency of each event I can naturally calculate the duration and perform the concurrency command. However the value of "count"
... | eval duration=endtime-starttime | concurrency duration=duration
However I want to sum the value of count as concurrency using the start and end times as the window. So instead of seeing a concurrency of 4 between starttime=1477419814 and endtime=1477419818 I should see 14.
Any help would be appreciated.
↧