About vbhadra

vbhadra · ‎10-21-2021

Sorry I realised the query I have pasted is also wrong, I wanted to paste the below instaed: index=* mac="783e535cf278" ("ACI_CAC_COMPLETED") | stats max(_time) as maxtime min(_time) as mintime | eval difference=maxtime-mintime | eval difference=strftime(difference,"%d:%H:%M:%S") Sorry for the mess, this is my first time here, so please bear with me :).

vbhadra · ‎10-21-2021

clarify CAC_COMPLETED and ACI_CAC_COMPLETED are same, all the events are prefixed with ACI_. Sorry for the cofusion.

vbhadra · ‎10-21-2021

Hi I am working in a system which looks for DFS (Dynamic Frequency Selection) channels. The search starts with the following event: CAC_STARTED. If if find a DFS channel then the search ends with CAC_COMPLETED and stays in DFS channel. If there is a radar detected, then the search ends with CAC_STOPPED and the system switches to non-DFS channel. Later the system again searches for DFS channel with CAC_STARTED and the patter follows. I am trying to calculate the time spent on DFS and non-channels in a day. Can someone please help me with the queries. I tried the following: index=* mac="0cf9c0fef6fe" ("ACI_CAC_COMPLETED") | sort _time | stats max(_time) as maxtime min(_time) as mintime | eval maxt=strftime(maxtime,"%d:%H:%M:%S") | eval mint=strftime(mintime,"%d:%H:%M:%S") This gives me the total time spend on DFS channel BUT only if the system has never switched to non-DFS channel, ie., the ACI_CAC_STOPPED event never appeared in the whole span. How do I check if there was a ACI_CAC_STOPPED event in between an calculate the dfs and non-dfs time spent durations? Please advise.

Posts	3
Solutions	0
Karma Given	4
Karma Received	0
Member Since	‎10-21-2021

Online Status	Offline
Date Last Visited	‎11-08-2021 03:12 PM

Finding the duration of time spent in two differen...

Re: Finding the duration of time spent in two diff...

Re: Finding the duration of time spent in two diff...

Finding the duration of time spent in two differen...