Hi guys,
I'm a beginner in Splunk and my issue is that I have Cisco logs and I need to find out the conference duration, but there is no field like duration, so I have to make it through timestamps.
Below you can see that kind of log and I don't know how to get the timestamps and then calculate the difference between them. Please help, I'm thankful for any idea.
Just a part of Cisco log:
2814 2018/01/22 09:56:39.008 APP Info conference "Terminal 1" created
2846 2018/01/22 12:01:30.213 APP Info conference "Terminal 1": deleted via API (no participants)
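
One way to derive the duration from the two events above, as an added example that is not part of the original post. It assumes Splunk has already parsed the leading `2018/01/22 09:56:39.008` timestamp into `_time`; `<your_index>` and `<your_sourcetype>` are placeholders, and the field name `conference` is chosen here for illustration.

```spl
index=<your_index> sourcetype=<your_sourcetype> "APP Info conference"
| rex "conference \"(?<conference>[^\"]+)\""
| transaction conference startswith="created" endswith="deleted"
| eval duration_hms=tostring(duration, "duration")
| table _time conference duration duration_hms eventcount
```

`transaction` pairs each "created" event with the next "deleted" event for the same conference name and sets `duration` to the difference between their timestamps in seconds; for the two sample lines that is 7491.205 seconds (2 h 4 min 51.205 s).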