Search: Calculate the difference between the time of an event and the next event (duration between each event)

From Wiki-WebPerfect

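You can calculate the difference between the _time of an event and the _time of the event after it (the duration of each event) with the streamstats command. With window=2, range(_time) is the difference between the timestamps of the current event and the previous one in the result order.

Example using the _time field: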

<your search query>
| streamstats range(_time) as Duration window=2
| table _time, Duration
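
The same technique computed per host, as an added example that is not part of the original page. The events are constructed with makeresults, the host values are made up, and the by clause with global=false (both additions to the page's query) keeps a separate two-event window for each host. The sort puts each host's events newest first, so Duration is the time until the next event on the same host.

```spl
| makeresults count=5
| streamstats count as n
| eval host=if(n==2 OR n==5, "constructed-web02", "constructed-web01")
| eval _time=relative_time(now(), "@d") + case(n==1, 0, n==2, 10, n==3, 30, n==4, 90, n==5, 400)
| sort 0 host, -_time
| streamstats window=2 global=false range(_time) as Duration by host
| eval DurationReadable=tostring(Duration, "duration")
| table _time, host, Duration, DurationReadable
```

The newest event of each host has no later neighbour in its window, so its Duration is 0.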