Hi,

I have individual persons data available in the form of csv files. Here i want to generate reports on those data.So i uploaded those csv files on to splunk for indexing and creating reports.
I uploaded each person's csv files this way - Add data->From-Files&Directories -> Upload&IndexFile -> More Settings -> SourceType-> from list > csv .
So csv files are uploaded successfully.Here i made each person's data available in different host i.e.,Prson A's host as A ,person B's host as B ,person C's host as C and so on.

Here is the sample entries for person A:

 Day  Date       InTime  OutTime
 Sun  1.08.2013   8:33    17:39
 Mon  2.03.2013   8:38    17:40
 Tue  2.03.2013   8:33    19:28
 Wed  2.03.2013   8:32    17:37
        .
        .
        .

Each person is having the same fields with different values.Here I took only person A's data and calculated the difference between InTime & OutTime.The query is below:

host="A" | convert mstime(OutTime) AS otime | convert mstime(InTime) AS itime |eval durationHrs=(otime - itime )/60 | timechart values(durationHrs) As myDurationHrs

This is working fine.If i want come up with report which includes each person's data and i wanted to calculate each person's Average durationHrs (i.e.,durationHrs=(otime - itime )/60 and avg(durationHrs)),how to do that,because here i have each host representing each persons.If my persons count is more than 10 or something,how to combine them in a single query (like - host="A"host="B" host="C" ... host="Z")?
At the end i want in a chart should show the average_durationHrs for each person.

How to do this?