For a game, my logs log two times, a login event and a logoff event. What I want to do is calculate the total online time of a player in splunk. They are two separate events, and I can find them through queries. I'm not sure how to get the total online time of a player (I don't need to break it down into daily events, just the total overall sum of the time they played)
I think a way to do this would be to sum the timestamps of all of the logon events for a player, then subtract the sum of all the logoff events for the player (My math might be wrong, but I have a feeling this would work) How would I go about doing that?
I'm very new to splunk, so please go easy on me.
... View more