Hello guys,
I am trying to search/formulate a method to determine the range of time (hours) in a day for which the resource was accessed. To clarify it, I have given an example below because, as of now, I don't have any query to paste here. I am still searching for a way to do that.
what I have:
2019-01-01 15:40:55 "Record X accessed"
2019-01-01 15:50:38 "Record Z accessed"
2019-01-01 16:08:40 "Record Y accessed"
2019-01-01 16:48:29 "Record xx accessed"
2019-01-02 13:43:29 "Record xx accessed"
2019-01-02 13:48:29 "Record xx accessed"
2019-01-02 16:08:43 "Record xx accessed"
2019-01-02 17:48:29 "Record xx accessed"
2019-01-03 6:48:29 "Record xx accessed"
2019-01-03 7:35:57 "Record xx accessed"
2019-01-03 8:45:29 "Record xx accessed"
2019-01-03 10:35:29 "Record xx accessed"
What I want:
2019-01-01 3PM - 5PM
2019-01-02 1PM - 6PM
2019-01-03 6AM - 11AM
I don't need the 3 field here as that has been taken care of, and if you need to know what the 3 field is, it is actually a 10 digit long records number.
Please help me with any idea, links, or resources that i can look into.
Thank you in advance.
You can do something like this:
| eval date = strftime(_time, "%Y-%m-%d")
| stats latest(_time) as end earliest(_time) as start by date
| eval end = strftime(end, "%I:%M %p")
| eval start= strftime(start, "%I:%M %p")
| table date start end
All the best
You can do something like this:
| eval date = strftime(_time, "%Y-%m-%d")
| stats latest(_time) as end earliest(_time) as start by date
| eval end = strftime(end, "%I:%M %p")
| eval start= strftime(start, "%I:%M %p")
| table date start end
All the best