Splunk Search

Calculate sum of duration for Sub calls

rajkskumar
Explorer

I have data in the following structure received for every event. Some events have just one or two sub calls and some have more sub calls. I need to calculate the sum of the total duration.

subCalls: [ [-]
         { [-]
           completionTimeMs: 69
           method: GET
           statusCode: 200
         }
         { [-]
           completionTimeMs: 77
           method: GET
           statusCode: 200
         }
         { [-]
           completionTimeMs: 956
           method: POST
           statusCode: 200
         }
         { [-]
           completionTimeMs: 201
           method: PATCH
           statusCode: 204
         }
       ]

The below search calculates the sum of all the values in all the events instead of every event. Please suggest how to proceed further.

mysearch
| eventstats sum(processRelevantFields.eventDetails.subCalls{}.completionTimeMs) as totalDuration
| table traceId, totalDuration

0 Karma
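
An added example, not part of the original post: `eventstats` with no `by` clause aggregates over the whole result set, so scoping the sum with `by traceId` yields one total per trace instead of a grand total. It assumes `traceId` is unique per event; the `sample-trace-*` ids, the second event's values, and the short field name `completionTimeMs` are constructed for illustration, while the first event reuses the sub-call values shown in the question.

```spl
| makeresults count=2
| streamstats count as n
| eval traceId="sample-trace-".n
| eval _raw=case(
    n=1, "{\"processRelevantFields\":{\"eventDetails\":{\"subCalls\":[{\"completionTimeMs\":69,\"method\":\"GET\",\"statusCode\":200},{\"completionTimeMs\":77,\"method\":\"GET\",\"statusCode\":200},{\"completionTimeMs\":956,\"method\":\"POST\",\"statusCode\":200},{\"completionTimeMs\":201,\"method\":\"PATCH\",\"statusCode\":204}]}}}",
    n=2, "{\"processRelevantFields\":{\"eventDetails\":{\"subCalls\":[{\"completionTimeMs\":120,\"method\":\"GET\",\"statusCode\":200},{\"completionTimeMs\":30,\"method\":\"GET\",\"statusCode\":200}]}}}")
| spath
| rename "processRelevantFields.eventDetails.subCalls{}.completionTimeMs" as completionTimeMs
| eventstats sum(completionTimeMs) as totalDuration by traceId
| table traceId, totalDuration
```

If several events can share a `traceId`, generate a per-event key first with `| streamstats count as eventId` and group by `eventId` instead.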