Hi Splunk experts,

My events have a timeline that tells me how long certain operations took. What I'm trying to determine is how frequently "item_B" has a longer duration than "item_C". The array is not guaranteed to have the same order every time, so I need to access each object in the array by the "label" field. Any suggestions?

"timeline":[
{
"label":"item_A",
"duration":1
},
{
"label":"item_B",
"duration":955
},
{
"label":"item_C",
"duration":0
},
{
"label":"item_D",
"duration":55
}
]
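
One way to do this in SPL, as an added example that is not part of the original post: expand the array into one row per object, pick out the durations by "label" rather than by position, and fold the rows back to one per event before comparing. It assumes the events are valid JSON with "timeline" at the top level; `your_index`, `your_sourcetype`, `event_id`, `entry` and the output field names are placeholders chosen for this example.

```spl
index=your_index sourcetype=your_sourcetype
| streamstats count AS event_id
| spath path=timeline{} output=entry
| mvexpand entry
| spath input=entry
| eval item_B_duration=if(label=="item_B", duration, null()),
       item_C_duration=if(label=="item_C", duration, null())
| stats max(item_B_duration) AS item_B_duration
        max(item_C_duration) AS item_C_duration
        BY event_id
| where isnotnull(item_B_duration) AND isnotnull(item_C_duration)
| stats count AS events_compared
        count(eval(item_B_duration > item_C_duration)) AS b_longer_than_c
| eval pct_b_longer=round(100 * b_longer_than_c / events_compared, 2)
```

Events that lack either label are dropped by the `where` clause, so the percentage is taken only over events where both durations are present.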