This is my table that I have extracted with the help of this query:
index=auto_adv_txn_preprod source=cap ( alfaws OR IODS*DAOImpl OR prism OR service- ) ADV_AAOSF07
| rex "^(?:[^ \n]* ){3}(?P [^ ]+)(?:[^ \n]* ){5}(?P [^ ]+)(?:[^ \n]* ){7}(?P \d+)\s+-\s+(?P \d+)"
| eval ServiceCall1 = replace(ServiceCall, "/\d+,*","/{id}")
| eval ServiceCall = mvindex(split(ServiceCall1, ";"),0)
| eval Functionality = replace(TID, "_\d+","")
| table TID, ServiceCall, Functionality, ResTime
Here is the initial Output :
This is the Output I am expecting:
The Time Difference Column will have the Time difference of URLType1 with Sum of all other URLTypes for any particular TID and Functionality. Any kind of help is appreciated.
... View more