Below I have sample data from a process that Blue Prism outputs during each event in a process. I am trying to create a time chart that tracks how long it takes each process to run. What I need is some sort of chart that has different colored lines for each process. However, I cannot quite get that to work.
currprocessid: a2672568-5faf-4ebe-a3d8-d16542fb7a96
currprocessname: Auto Payoff
currprocesstype: 0
eventId: endProcess
mainprocessid: a2672568-5faf-4ebe-a3d8-d16542fb7a96
mainprocessname: Auto Payoff
pageid: 00000000-0000-0000-0000-000000000000
pagename: Main Page
resourceName: computer1
sessionNumber: 110995
sessionid: 8dce2381-0db4-4e69-a15e-0b84091ee489
stageid: 47648a05-b3e4-452d-a374-c6f156abc86c
stagename: End2
when: 2019-10-01T11:56:56.1005506Z
This is the search I have:
index="rpa" | stats earliest(_time) AS earliest latest(_time) AS latest BY sessionid | eval duration = tostring((latest-earliest), "duration")
This is obviously not correct as it's not populating the data properly.
The Y-axis would have the time in minutes, while the X-axis would be by date. The lines in the graph would be by the average sessionid completion time by mainprocessname.
I hope this makes sense.
As a fun note, you can use range to calculate duration. It will not format it, but in a chart, you will need it as a number, not a string.
You also mention you want this by date, which I don't see in the query provided.
Something to get you started might be:
index=rpa | stats range(_time) as duration max(_time) as _time by sessionid | eval duration_min=round(duration/60,2) | timechart avg(duration_min) as avg_duration_min by sessionid
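An added example, not part of the original question or answer: a variant of the search above that produces one line per mainprocessname with a daily average. It assumes each sessionid belongs to a single mainprocessname and that a session with only one event in the search window is incomplete and should be left out of the average.

```spl
index=rpa
| stats range(_time) AS duration max(_time) AS _time count AS events latest(mainprocessname) AS mainprocessname BY sessionid
| where events > 1
| eval duration_min = round(duration / 60, 2)
| timechart span=1d avg(duration_min) AS avg_duration_min BY mainprocessname
```

Each session is placed on the day of its last event because of max(_time); switch to min(_time) to bucket by start day instead.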