Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to convert seconds to hours and minutes?

jfeitosa
Path Finder
‎06-20-2016 11:50 AM

How to convert the search results in seconds to hours and minutes?

This my search:

index=pan* (type=TRAFFIC AND vendor_action=allow) OR (type=THREAT AND vendor_action=alert) | eval MB=bytes/1024/1024  |transaction src_ip dest_ip startswith="start" endswith="end" | search eventcount>2 | stats values(sourcetype) as sourcetype, values(dest_hostname) as URL, sum(MB) as MB, sum(duration) as duration(Sec) by user |  table user URL MB duration(Sec)

alt text

Thank you in advance!

Preview file
44 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎06-20-2016 11:53 AM

Like this

index=pan* (type=TRAFFIC AND vendor_action=allow) OR (type=THREAT AND vendor_action=alert) | eval MB=bytes/1024/1024 |transaction src_ip dest_ip startswith="start" endswith="end" | search eventcount>2 | stats values(sourcetype) as sourcetype, values(dest_hostname) as URL, sum(MB) as MB, sum(duration) as duration(Sec) by user | table user URL MB duration(Sec) 
| eval "duration(Sec)"=tostring('duration(Sec)',"duration")

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎06-20-2016 11:53 AM

Like this

index=pan* (type=TRAFFIC AND vendor_action=allow) OR (type=THREAT AND vendor_action=alert) | eval MB=bytes/1024/1024 |transaction src_ip dest_ip startswith="start" endswith="end" | search eventcount>2 | stats values(sourcetype) as sourcetype, values(dest_hostname) as URL, sum(MB) as MB, sum(duration) as duration(Sec) by user | table user URL MB duration(Sec) 
| eval "duration(Sec)"=tostring('duration(Sec)',"duration")
Reply
Solved! Jump to solution

jfeitosa
Path Finder
‎07-14-2016 12:17 PM

alt text

Now I need the browsing team in each url, not the sum per user.
Como alterar a busca para trazer o tempo para cada url?

Search:

index=pan_logs (type=TRAFFIC AND vendor_action=allow) OR (type=THREAT AND vendor_action=alert) rule=URLF_LojaVirtual | eval MB=bytes/1024/1024  |transaction src_ip dest_ip startswith="start" endswith="end" | search eventcount>2 | stats values(dest_hostname) as URL, sum(duration) as duration(HH:MM:SS) by user |  table user URL duration(HH:MM:SS) | convert dur2sec(CallDuration) AS duration | eval "duration(HH:MM:SS)"=tostring('duration(HH:MM:SS)',"duration") | sort -duration(HH:MM:SS) | head 3

Tks

Preview file
68 KB
0 Karma
Reply
Solved! Jump to solution

jfeitosa
Path Finder
‎06-20-2016 12:08 PM

Heck, that's right!

Thanks Somesoni2!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...