Solved: Re: How to calculate the average time in a URL?

rosho · ‎07-22-2019

Hi
I want to calculate the average time of being in a URL.
This SPL shows me the time spent in a URL, but NOT the average

index=fortigate 
| transaction url
| table duration, url

This other SPL gives me the Total average. It is NOT by url

index=fortigate 
| transaction url
| stats avg(duration) AS Avg_Session_Time

chinmoya · ‎07-22-2019

| stats avg(duration) AS Avg_Session_Time by url

View solution in original post

chinmoya · ‎07-22-2019

| stats avg(duration) AS Avg_Session_Time by url

niketn · ‎07-22-2019

@rosho unfortunately I dont think this information is enough for correlating the duration in a URL. What is the event data/field which will determine login and logoff or something similar that URL is in use?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

rosho · ‎07-23-2019

index=bigip host="F5-BOU-4K-A.entourage.intra"
| transaction session_id
| stats avg(duration) AS Avg_Session_time by Client_IP

This will do it. But I do not know how to put the average bytes_in for each clientip

rosho · ‎07-23-2019

Can you give me an example?

nabeel652 · ‎07-22-2019

I think you need to add session_id in your query otherwise it will not differentiate between different sessions/users.

How to calculate the average time in a URL?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases