Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to convert seconds to hours and minutes?

jfeitosa
Path Finder
‎06-20-2016 11:50 AM

How to convert the search results in seconds to hours and minutes?

This my search:

index=pan* (type=TRAFFIC AND vendor_action=allow) OR (type=THREAT AND vendor_action=alert) | eval MB=bytes/1024/1024  |transaction src_ip dest_ip startswith="start" endswith="end" | search eventcount>2 | stats values(sourcetype) as sourcetype, values(dest_hostname) as URL, sum(MB) as MB, sum(duration) as duration(Sec) by user |  table user URL MB duration(Sec)

alt text

Thank you in advance!

Preview file
44 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎06-20-2016 11:53 AM

Like this

index=pan* (type=TRAFFIC AND vendor_action=allow) OR (type=THREAT AND vendor_action=alert) | eval MB=bytes/1024/1024 |transaction src_ip dest_ip startswith="start" endswith="end" | search eventcount>2 | stats values(sourcetype) as sourcetype, values(dest_hostname) as URL, sum(MB) as MB, sum(duration) as duration(Sec) by user | table user URL MB duration(Sec) 
| eval "duration(Sec)"=tostring('duration(Sec)',"duration")

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎06-20-2016 11:53 AM

Like this

index=pan* (type=TRAFFIC AND vendor_action=allow) OR (type=THREAT AND vendor_action=alert) | eval MB=bytes/1024/1024 |transaction src_ip dest_ip startswith="start" endswith="end" | search eventcount>2 | stats values(sourcetype) as sourcetype, values(dest_hostname) as URL, sum(MB) as MB, sum(duration) as duration(Sec) by user | table user URL MB duration(Sec) 
| eval "duration(Sec)"=tostring('duration(Sec)',"duration")
Reply
Solved! Jump to solution

jfeitosa
Path Finder
‎07-14-2016 12:17 PM

alt text

Now I need the browsing team in each url, not the sum per user.
Como alterar a busca para trazer o tempo para cada url?

Search:

index=pan_logs (type=TRAFFIC AND vendor_action=allow) OR (type=THREAT AND vendor_action=alert) rule=URLF_LojaVirtual | eval MB=bytes/1024/1024  |transaction src_ip dest_ip startswith="start" endswith="end" | search eventcount>2 | stats values(dest_hostname) as URL, sum(duration) as duration(HH:MM:SS) by user |  table user URL duration(HH:MM:SS) | convert dur2sec(CallDuration) AS duration | eval "duration(HH:MM:SS)"=tostring('duration(HH:MM:SS)',"duration") | sort -duration(HH:MM:SS) | head 3

Tks

Preview file
68 KB
0 Karma
Reply
Solved! Jump to solution

jfeitosa
Path Finder
‎06-20-2016 12:08 PM

Heck, that's right!

Thanks Somesoni2!

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...