Solved: Sum of call_duration

joshftx · ‎11-22-2011

I have a field called "call_duration" expressed as 00:00:17, and another field called "Party1Name" which is simply a name string.
How can I sum these duration times up per caller?
I have tried this:

sourcetype=smdr|stats sum(Call_duration) by Party1Name
but Call_duration ends up being empty.

_d_ · ‎11-22-2011

Try this instead:

sourcetype=smdr | eval duration=strptime(call_duration,"%H:%M:%S") | stats sum(duration) by Party1Name

Hope this helps.

> please upvote and accept answer if you find it useful - thanks!

EDIT: The reason you need to use strptime functions is because Splunk looks at the call_duration as a simple string and not as seconds that can be added or performed any arithmetic functions on. Hope this clarifies it.

View solution in original post

_d_ · ‎11-22-2011

Try this instead:

sourcetype=smdr | eval duration=strptime(call_duration,"%H:%M:%S") | stats sum(duration) by Party1Name

Hope this helps.

> please upvote and accept answer if you find it useful - thanks!

EDIT: The reason you need to use strptime functions is because Splunk looks at the call_duration as a simple string and not as seconds that can be added or performed any arithmetic functions on. Hope this clarifies it.

_d_ · ‎11-22-2011

Glad to hear. Please mark as answered. Thanks.

joshftx · ‎11-22-2011

Actually that worked. Thanks. Call_duration had wrong case.

joshftx · ‎11-22-2011

Thanks for the quick response, however, its still blank.

Sum of call_duration

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor