Re: Create dashboard and relatorio

fiveitsplunk · ‎08-09-2019

Hello,

I would like to create 03 reports, but I have difficulties.
What happens, I need to create:
- Calls that are not answered by extension;
- Calls that are answered by extension successfully;

Calls made by extension successfully;
Unsuccessful extension calls;

But I notice that I can't filter by time, because there are links
00:00:00, so I can't create a report using just the "status" of the call because it usually has "normal clean call".

It is possible to make a query in the way that, define that the calls "received" by time, and consider that with the value 00:00:00 s;

Att,
Richard

richgalloway · ‎08-13-2019

Perhaps this will get you started.

index=foo duration="00:00:00" cause_description=* | table _time cause_description

---
If this reply helps you, Karma would be appreciated.

fiveitsplunk · ‎08-16-2019

I could not resolve with this condition

richgalloway · ‎08-19-2019

What do you get? Did you make any necessary changes for your environment (correct index and field names) ?

---
If this reply helps you, Karma would be appreciated.

fiveitsplunk · ‎08-12-2019

What I'd like to create is a report where you filter:
Call that came in and was not answered by anyone, in this case those that have the time value 00:00:00;

richgalloway · ‎08-09-2019

It would help if you shared some sample events, sanitized as necessary.

---
If this reply helps you, Karma would be appreciated.

fiveitsplunk · ‎08-12-2019

It is possible to create a query, containing only calls with "zero duration" and the cause of the call.
"cause_description"?

Create dashboard and relatorio

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases