Solved: How to create average duration over time overlay i...

kmedara · ‎09-25-2019

I have a time chart that displays the average duration of calls for each day in the time range, the time range is set with a time picker. The call duration is parsed out using the rex command.

rex field=_raw "Duration : (?<hh>\d+):(?<mm>\d+):(?<ss>\d+\.\d+)" | eval dur = (hh * 3600) + (mm * 60) + ss | timechart span=1d avg(dur)

The current results look like:

I am looking for something like this with the dashed line like so:

adonio · ‎09-25-2019

please elaborate, what will be the data populating the chart overlay?
try this search anywhere, in the case you are perusing some sort of running average:

| gentimes start=-7 increment=2h
| eval _time = starttime 
| eval duration = random()%1000 + 3000
| sort - _time
| timechart span=4h avg(duration) as avg_dur
| streamstats time_window=24h avg(avg_dur) as dur_running_avg

View solution in original post

adonio · ‎09-25-2019

please elaborate, what will be the data populating the chart overlay?
try this search anywhere, in the case you are perusing some sort of running average:

| gentimes start=-7 increment=2h
| eval _time = starttime 
| eval duration = random()%1000 + 3000
| sort - _time
| timechart span=4h avg(duration) as avg_dur
| streamstats time_window=24h avg(avg_dur) as dur_running_avg

kmedara · ‎09-25-2019

streamstats avg(avg_dur) was exactly what I needed, thank you

adonio · ‎09-25-2019

cool,

converting to an answer, kindly accept it so other will know it worked for you

How to create average duration over time overlay in timechart

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!