Search: Calculate the difference between the time of an event to the next event (duration between each event)
Aus Wiki-WebPerfect
Version vom 3. März 2020, 10:00 Uhr von Admin (Diskussion | Beiträge)
You can calculate the difference between the _time of an event to the event after it (duration for each event) with command streamstats.
Example with the difference between the field _time:
<your search query> | streamstats range(_time) as Duration window=2 | table _time, Duration