Hello team!!
I'm working with CDR of SMS and I have to find a way to visualize that two fields are repeated more than 10 times in a minute.
Could you help me find a way to do it?
This is a part of my CDR
14:00:06.495844|2022-09-13 14:00:06.495847|2022-09-13 14:00:06|MT|3385251555|56271948588
origin:3385251555
dest:56271948588
I want to see when it repeats the same origin and the same destination more than 10 times in 1 minute
Thank you very much for your help and time
Use streamstats or stats, e.g. with stats you can use
search...
| bin _time span=1m
| stats count by _time origin dest
| where count>10
which will do 1 minute boundary counting, so if you get 9 occurrences between 9:00:45 and 9:00:52 and then another 5 at 9:01:02 it will not find this. To find these examples, use streamstats, e.g.
| streamstats time_window=1m count by origin dest
| where count>10
| bin _time span=1m
| stats max(count) as max by _time origin dest
Note these examples assume origin and dest are fields in your data, but hopefully this will give you something to go with
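The difference between the two searches in the answer above, reproduced outside Splunk as an added example (not part of the original posts and not Splunk code). It assumes the third pipe-delimited field of the CDR line is the event time and the last two are origin and dest; the sample events are constructed to match the 9:00:45 / 9:01:02 scenario.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 10               # alert when a pair is seen more than 10 times
WINDOW = timedelta(minutes=1)

def parse_cdr(line):
    """Split one pipe-delimited CDR line into (timestamp, origin, dest).
    Assumed layout, taken from the sample line in the question:
    field 3 = event time (seconds), field 5 = origin, field 6 = dest."""
    fields = line.strip().split("|")
    ts = datetime.strptime(fields[2], "%Y-%m-%d %H:%M:%S")
    return ts, fields[4], fields[5]

def fixed_bins(events):
    """Like `bin _time span=1m | stats count by _time origin dest`."""
    counts = Counter((ts.replace(second=0), o, d) for ts, o, d in events)
    return {k: n for k, n in counts.items() if n > THRESHOLD}

def sliding_window(events):
    """Like `streamstats time_window=1m count by origin dest`: for each event,
    count events of the same pair in the minute ending at that event."""
    recent = defaultdict(deque)
    peaks = {}
    for ts, o, d in sorted(events):
        q = recent[(o, d)]
        q.append(ts)
        while ts - q[0] >= WINDOW:      # drop events older than the window
            q.popleft()
        if len(q) > THRESHOLD:
            peaks[(o, d)] = max(peaks.get((o, d), 0), len(q))
    return peaks

def make_line(ts):
    # Constructed sample data in the question's format (not real traffic).
    s = ts.strftime("%Y-%m-%d %H:%M:%S")
    return f"{ts:%H:%M:%S}.000000|{s}.000000|{s}|MT|3385251555|56271948588"

# The answer's scenario: 9 messages between 09:00:45 and 09:00:52,
# then 5 more at 09:01:02, so 14 within one minute but split across two bins.
base = datetime(2022, 9, 13, 9, 0, 45)
stamps = [base + timedelta(seconds=i % 8) for i in range(9)]
stamps += [datetime(2022, 9, 13, 9, 1, 2)] * 5
EVENTS = [parse_cdr(make_line(t)) for t in stamps]

if __name__ == "__main__":
    print("fixed bins:    ", fixed_bins(EVENTS))
    print("sliding window:", sliding_window(EVENTS))
```

The fixed one-minute bins report nothing for this burst, while the sliding window flags the pair with a peak of 14.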
Thanks very much for your help. I'll check.