It seems a good try, but where I should set the duration of 5 minutes per event?

Also, I check it in my code, and there is a new field called new_duration, which is good, but I don't know why, TotalDuration appears empty :S

I have problem with sum(X) and avg(X) with stats, I think they worked but my results appear empty the most of times, and I don't understand why.

Thanks a lot, you're being really helpful! 🙂

Try this

| stats count as TotalAlerts | eval Total_time = tostring(TotalAlerts*5, "duration") | table TotalAlerts, Total_time

I saw you had another question about finding the average. If this is related, I would change the search to this

 | stats count as TotalAlerts | eval Total_time = TotalAlerts*5 | stats avg(Total_time) as AvgTime | fieldformat AvgTime =tostring(AvgTime, "duration")

At this one the average is not a theme. I tried what you said before and the results are these:

TotalAlerts Total_time
25211 1+11:00:55

I want to set a new field of 5 minuts for each alert, but the results doesn't seems realistic to me, I mean 5 minuts for 25211 alerts, seems quite difficult that the total spent time handling alerts is 1 day and 11 hours :S

I was calculating and I think I am wrong and the result is correct like this. I just realised, if now I am correct, that it let's the time in seconds although I'm setting 5 minutes. And calculating (((Total_time/60)/60)/24) It give this "1+11:00:55"

I get it! Thanks for you comments! 🙂

It's something like this, I've tried, but I think the final result is not correct. Maybe because we are not setting that this 5 is 5 minutes or I don't knwo why. I keep trying this 🙂 thanks!