- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to put working hours from each user by day in a time chart
rens78
New Member
08-10-2017
05:10 AM
My search so far:
index=notimportant EventID=4624 [ inputlookup users.csv | fields TargetUserName ] | chart eval(latest(_time) - earliest(_time)) as total by TargetUserName | fieldformat total=strftime(total, "%H:%M")
What I'm doing is:
Get the earliest event from the result and the latest event from the result (the results are Microsoft login events). Subtracting the logout time from the login time so I get the working times.
Problems:
I cannot display times in a time/timechart (when I remove the ":" characters the chart works).
When I change the type from chart --> timechart the entry's in the timechart are displayed by the long number notations (not human readable, I forgot the name of this notation).
All I want is the working hours from each user by day, thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
DalJeanis
Legend
08-10-2017
07:21 AM
Try this ...
index=notimportant EventID=4624 [ inputlookup users.csv | fields TargetUserName ]
| bin _time as myday span=1d
| stats min(_time) as mintime max(_time) as maxtime by TargetUserName myday
| eval TotalHours = round((maxtime-mintime)/3600,2)
| rename mintime as _time
| timechart span=1d sum(TotalHours) as TotalHours by TargetUserName
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rens78
New Member
08-14-2017
01:36 AM
Awsome!!!!
