Hi New to Splunk:
Trying to calculate average session lengths ( in time ) for sessions that have failed. And one for sessions that are successful. Below is what i have put together:
index=CCTV streaming_realm=* SessionFailed | bucket span=1m _time | dedup device_id, requested_deliverable | search SessionID="*" | stats range(_time) AS Session_Duration_sec by SessionID | stats avg(Session_Duration_Sec)
