×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
cyphr0st
Explorer
Member since: ‎04-13-2015
‎04-23-2024
Community Statistics
Posts 5
Solutions 0
Karma Given 34
Karma Received 2
Member Since ‎04-13-2015
Activity Feed
View All

Re: Count Stats by Two Fields in One Search

by in Splunk Search
‎03-08-2016 11:49 AM
‎03-08-2016 11:49 AM
Couldn't you just do "| chart count by query,q" to get the results for both fields? ... View more

Re: How to calculate the sum of a "duration" field...

by in Security
‎04-13-2015 12:41 PM
‎04-13-2015 12:41 PM
I narrowed it down. The seconds print out correctly, but when "eval totalDuration=strftime(totalSecs, "%H:%M:%S")" is added the totals do not come out correctly for the top 5. user totalSecs totalDuration user 1 148603874617.000000 23:59:59 user 2 84304119903.000000 23:59:59 user 3 67157542422.000000 23:59:59 user 4 51439802027.000000 23:59:59 user 5 35722091866.000000 23:59:59 user 6 32864320734.000000 23:59:59 user 7 21433250455.000000 00:40:55 user 8 12859955225.000000 01:47:05 user 9 12859951693.000000 00:48:13 user 10 10002183716.000000 00:21:56 user11 2857767945.000000 00:25:45 ... View more

Re: How to calculate the sum of a "duration" field...

by in Security
‎04-13-2015 12:21 PM
‎04-13-2015 12:21 PM
these are the durations for user1: Duration 0:02:53 0:09:59 0:00:18 0:02:58 0:00:53 0:06:06 0:02:40 0:14:40 0:00:01 0:06:17 0:01:38 0:02:59 0:05:01 0:02:12 0:08:45 0:01:46 0:01:55 0:05:54 0:00:06 0:00:00 0:00:04 0:02:14 0:00:48 0:01:08 0:04:06 0:04:25 0:00:27 0:05:51 0:04:51 0:00:34 0:00:30 0:02:28 0:03:35 0:00:23 0:05:20 0:00:02 ... View more

Re: How to calculate the sum of a "duration" field...

by in Security
‎04-13-2015 12:12 PM
‎04-13-2015 12:12 PM
This is exactly what I'm looking for. Thank you! I only have one issue. For some reason my top 5 users are displaying the time of 23:59:59. Why would this be? I calculated the CSV times by user in a spreadsheet, the others are correct. e.g. user5 should be displaying a time of 8:53:42.. user1 23:59:59 user2 23:59:59 user3 23:59:59 user4 23:59:59 user5 23:59:59 user6 01:47:05 user7 00:50:45 user8 00:40:55 user9 00:21:56 ... View more

How to calculate the sum of a "duration" field per...

by in Security
‎04-13-2015 09:55 AM
2 Karma
‎04-13-2015 09:55 AM
2 Karma
Okay, I'm new to Splunk -- I'm currently two days deep. I'm attempting to sort users by their duration (duration being the length of time they've spent watching any one video). When I type in: sourcetype=videos | table user duration | sort user duration | reverse , I end up with the same user all of the way down the column on the left associated with the viewing durations on the right. I want to know if there is a way to create a running total of these durations to post a total time watched per user. Example output: user ------ duration tom.jones 00:51:13 tom.jones 00:31:03 tom.jones 00:15:02 tom.jones 00:08:11 tom.jones 00:02:21 steve.corel 00:41:16 steve.corel 00:30:33 steve.corel 00:22:46 etc. Thank you in advance. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-23-2024 07:48 AM
Karma from
View All
Karma given to