Hi,
I have individual persons' data available in the form of CSV files, and I want to generate reports on that data. So I uploaded those CSV files to Splunk for indexing and creating reports.
I uploaded each person's CSV files this way: Add data -> From-Files&Directories -> Upload&IndexFile -> More Settings -> SourceType -> from list -> csv.
The CSV files were uploaded successfully. I made each person's data available under a different host, i.e., person A's host as A, person B's host as B, person C's host as C, and so on.
Here is the sample entries for person A:
Day Date InTime OutTime
Sun 1.08.2013 8:33 17:39
Mon 2.03.2013 8:38 17:40
Tue 2.03.2013 8:33 19:28
Wed 2.03.2013 8:32 17:37
.
.
.
Each person has the same fields with different values. Here I took only person A's data and calculated the difference between InTime and OutTime. The query is below:
host="A" | convert mstime(OutTime) AS otime | convert mstime(InTime) AS itime | eval durationHrs=(otime - itime)/60 | timechart values(durationHrs) AS myDurationHrs
This is working fine. If I want to come up with a report which includes each person's data, and I want to calculate each person's average durationHrs (i.e., durationHrs=(otime - itime)/60 and avg(durationHrs)), how do I do that, given that each host represents one person? If my person count is more than 10 or so, how do I combine them in a single query (like host="A" host="B" host="C" ... host="Z")?
At the end I want a chart that shows the average_durationHrs for each person.
How to do this?