Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Sum Duration
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
query:
index=ctap source="/charter/apps/gwtrbl/logs/troubleshooting*.log" host=sc58laopp0* End of Branch Execution : WorkflowLogger accountNumber="8245*" | eval it = strptime(branchExecutionStartTime, "%a %b %e %H:%M:%S %Z %Y") | eval ot = strptime(BranchExeEndTime, "%a %b %e %H:%M:%S %Z %Y") | eval duration= tostring((ot - it), "duration") | lookup branchIdsNew.csv branchId | table accountNumber treeId branchId BRANCH_ABBREV branchExecutionStartTime, BranchExeEndTime, duration _time | sort - _time
Results:
accountNumber treeId branchId BRANCH_ABBREV branchExecutionStartTime BranchExeEndTime duration _time
8.24512E+15 DT0000000001716 DTB000000014925 The customer's issue has been resolved Tue Jul 12 07:43:30 CDT 2016 Tue Jul 12 07:43:30 CDT 2016 00:00.0 2016-07-12T07:43:30.899-0500
8.24512E+15 DT0000000001716 DTB000000014924 Does customer have dial tone now Tue Jul 12 07:43:30 CDT 2016 Tue Jul 12 07:43:30 CDT 2016 00:00.0 2016-07-12T07:43:30.791-0500
8.24512E+15 DT0000000001716 DTB000000014898 Provisioning Check Tue Jul 12 07:43:24 CDT 2016 Tue Jul 12 07:43:27 CDT 2016 00:03.0 2016-07-12T07:43:27.617-0500
8.24512E+15 DT0000000001716 DTB000000014924 Does customer have dial tone now Tue Jul 12 07:43:22 CDT 2016 Tue Jul 12 07:43:24 CDT 2016 00:02.0 2016-07-12T07:43:24.699-0500
8.24512E+15 DT0000000001716 DTB000000014922 Have customer perform a power cycle Tue Jul 12 07:41:51 CDT 2016 Tue Jul 12 07:43:22 CDT 2016 01:31.0 2016-07-12T07:43:22.167-0500
8.24512E+15 DT0000000001716 DTB000000014921 Does modem have any lights on/blinking Tue Jul 12 07:41:46 CDT 2016 Tue Jul 12 07:41:51 CDT 2016 00:05.0 2016-07-12T07:41:51.280-0500
8.24512E+15 DT0000000001716 DTB000000014917 Has cust moved modem or added splitters Tue Jul 12 07:41:40 CDT 2016 Tue Jul 12 07:41:45 CDT 2016 00:05.0 2016-07-12T07:41:45.995-0500
8.24512E+15 DT0000000001716 DTB000000014890 Does cust have issues with any other services Tue Jul 12 07:41:38 CDT 2016 Tue Jul 12 07:41:40 CDT 2016 00:02.0 2016-07-12T07:41:40.576-0500
8.24512E+15 DT0000000001716 DTB000000015662 Determine if the customer is at home Tue Jul 12 07:41:29 CDT 2016 Tue Jul 12 07:41:38 CDT 2016 00:09.0 2016-07-12T07:41:38.414-0500
8.24512E+15 DT0000000001716 DTB000000014899 Verify if the customer's modem is online Tue Jul 12 07:39:34 CDT 2016 Tue Jul 12 07:41:29 CDT 2016 01:55.0 2016-07-12T07:41:29.401-0500
8.24512E+15 DT0000000001716 DTB000000014897 DRUM Check Tue Jul 12 07:39:30 CDT 2016 Tue Jul 12 07:39:34 CDT 2016 00:04.0 2016-07-12T07:39:34.253-0500
8.24512E+15 DT0000000001716 DTB000000014888 Outage Check Tue Jul 12 07:39:30 CDT 2016 Tue Jul 12 07:39:30 CDT 2016 00:00.0 2016-07-12T07:39:30.418-0500
8.24512E+15 DT0000000001716 DTB000000014876 Billing Check Tue Jul 12 07:39:29 CDT 2016 Tue Jul 12 07:39:29 CDT 2016 00:00.0 2016-07-12T07:39:29.950-0500
How do I sum the duration values to create Total_duration?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try like this
index=ctap source="/charter/apps/gwtrbl/logs/troubleshooting*.log" host=sc58laopp0* End of Branch Execution : WorkflowLogger accountNumber="8245*" | eval it = strptime(branchExecutionStartTime, "%a %b %e %H:%M:%S %Z %Y") | eval ot = strptime(BranchExeEndTime, "%a %b %e %H:%M:%S %Z %Y") | eval duration= (ot - it) | lookup branchIdsNew.csv branchId | table accountNumber treeId branchId BRANCH_ABBREV branchExecutionStartTime, BranchExeEndTime, duration _time | sort - _time
| eventstats sum(duration) as Total_duration | eval duration= tostring(duration, "duration") | eval Total_duration = tostring(Total_duration , "duration")
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try like this
index=ctap source="/charter/apps/gwtrbl/logs/troubleshooting*.log" host=sc58laopp0* End of Branch Execution : WorkflowLogger accountNumber="8245*" | eval it = strptime(branchExecutionStartTime, "%a %b %e %H:%M:%S %Z %Y") | eval ot = strptime(BranchExeEndTime, "%a %b %e %H:%M:%S %Z %Y") | eval duration= (ot - it) | lookup branchIdsNew.csv branchId | table accountNumber treeId branchId BRANCH_ABBREV branchExecutionStartTime, BranchExeEndTime, duration _time | sort - _time
| eventstats sum(duration) as Total_duration | eval duration= tostring(duration, "duration") | eval Total_duration = tostring(Total_duration , "duration")
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Add the group by fields in eventstats as required.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...
Deep insights, no barriers: Splunk Observability Cloud Free Edition
Monitoring AI Agents with Splunk Observability Cloud
