Hello!
I am new to developing visualizations/dashboards, can someone please guide my learning by recommending how to approach solving the following problem?
I created a search to identify the duration/time users might experience when logging into one of our applications.
The search results are placed in a table as shown below:
UserID ----- Login Session Duration (In seconds)
bob001 ---- 7s
anil002 ---- 10s
chris03 ---- 14s
Below is the search I am using:
index=ags sourcetype=agslogs | transaction startswith=Retrieving endswith=Retrieved | stats sum(duration) by UserID | rename sum(duration) as "login Duration(seconds)" | rename UserID as "AGS User Name"
Your assistance/guidance is highly appreciated!
@sdav124 - I've reviewed your code, and have some questions about what you are trying to do.
You've calculated not how long any particular logon took, but the total amount of time taken by that user over whatever time you ran the query.
Perhaps you meant avg() or max() rather than sum()? I'm going to assume max() is correct, and that 10 seconds is your baseline.
index=ags sourcetype=agslogs
| transaction startswith=Retrieving endswith=Retrieved
| stats max(duration) as maxduration by UserID
| where maxduration > 10
| rename UserID as "AGS User Name", maxduration as "login Duration(seconds)"
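To see why sum() and max() lead to different results against a 10 second baseline, here is an added example in Python (not part of the original posts, and not how Splunk implements transaction) that pairs Retrieving/Retrieved events from constructed sample log lines and computes sum, avg and max per UserID. The log line layout, the per-user pairing and all function names are assumptions of this example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real agslogs data): date, time, UserID, message.
SAMPLE = """\
2024-01-01 09:00:00 bob001 Retrieving profile
2024-01-01 09:00:06 bob001 Retrieved profile
2024-01-01 09:00:05 anil002 Retrieving profile
2024-01-01 09:00:15 anil002 Retrieved profile
2024-01-01 13:30:00 bob001 Retrieving profile
2024-01-01 13:30:07 bob001 Retrieved profile
2024-01-01 14:00:00 chris03 Retrieving profile
2024-01-01 14:00:14 chris03 Retrieved profile
2024-01-01 15:00:00 anil002 Retrieving profile
"""

def login_durations(text):
    """Pair each Retrieving event with the next Retrieved event of the same user."""
    open_at, durations = {}, defaultdict(list)
    for line in text.splitlines():
        date, time, user, action = line.split()[:4]
        ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        if action == "Retrieving":
            open_at[user] = ts  # a newer start replaces an unfinished one
        elif action == "Retrieved" and user in open_at:
            durations[user].append((ts - open_at.pop(user)).total_seconds())
    return dict(durations)  # logins that never completed are left out

def per_user_stats(durations):
    """Per-user sum, avg and max of login durations in seconds."""
    return {u: {"sum": sum(d), "avg": sum(d) / len(d), "max": max(d)}
            for u, d in durations.items()}

def slow_users(stats, metric="max", baseline=10):
    """Users whose chosen metric exceeds the baseline (strictly greater)."""
    return sorted(u for u, s in stats.items() if s[metric] > baseline)

if __name__ == "__main__":
    stats = per_user_stats(login_durations(SAMPLE))
    for user, s in sorted(stats.items()):
        print(user, s)
    # bob001 logged in twice (6s and 7s): sum crosses the baseline, max does not.
    print("flagged by sum:", slow_users(stats, "sum"))
    print("flagged by max:", slow_users(stats, "max"))
```
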
Typo correction...
"I am new to developing visualizations/dashboards, can someone please guide my learning by recommending approaches to solving the following problem?"