Hi,
We need to extract a Duration value from the message field (e.g. Duration="10.400").
We need to summarize this value for a special time period and we need to multiply the total sum, for example, with 0,3. How can a value be extracted, added to the new field (e.g. Conference_duration), and this value be used for other operations like multiplying it with a number to get, for example, a price for the duration?
Any idea? I am looking for a good training to learn the filtering language.
For example, in Splunk this would look like:
onference has been stopped. | eval total_hours=round(Duration/3600, 3) | eval cost=round(total_hours*$kostenfaktor$,3) | chart sum(cost) as Cost by Service_tag
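
The same pipeline as a stand-alone Python sketch, added here as an example and not part of the original post or of any log platform's own syntax: it extracts Duration from each event, converts seconds to hours, applies a cost factor and sums per Service_tag within a time window. The event layout, the function names and the sample lines are assumptions; events with a missing or non-numeric Duration are counted and skipped instead of breaking the sum.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events. The line layout is an assumption; only the
# Duration="..." key/value form and the Service_tag field come from the post.
SAMPLE = [
    '2024-05-01T09:00:00 stop Service_tag="sales" Duration="10.400"',
    '2024-05-01T10:30:00 stop Service_tag="sales" Duration="7200"',
    '2024-05-01T11:00:00 stop Service_tag="support" Duration="3600.000"',
    '2024-05-01T12:00:00 stop Service_tag="support"',                  # no Duration
    '2024-05-01T13:00:00 stop Service_tag="support" Duration="n/a"',   # not numeric
    '2024-05-02T09:00:00 stop Service_tag="sales" Duration="3600"',    # outside window
]

KV = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs in the message


def parse(line):
    """Return (timestamp, fields) for one event line."""
    ts, _, rest = line.partition(" ")
    return datetime.fromisoformat(ts), dict(KV.findall(rest))


def cost_by_tag(lines, start, end, factor):
    """Sum per-event cost by Service_tag for start <= timestamp < end."""
    totals, skipped = defaultdict(float), 0
    for line in lines:
        ts, fields = parse(line)
        if not (start <= ts < end):
            continue
        try:
            duration = float(fields["Duration"])  # seconds, as in the Splunk query
        except (KeyError, ValueError):
            skipped += 1  # keep a count so silent data loss is visible
            continue
        hours = round(duration / 3600, 3)          # eval total_hours
        cost = round(hours * factor, 3)            # eval cost
        totals[fields.get("Service_tag", "unknown")] += cost
    return {tag: round(v, 3) for tag, v in totals.items()}, skipped


if __name__ == "__main__":
    window = (datetime(2024, 5, 1), datetime(2024, 5, 2))
    print(cost_by_tag(SAMPLE, *window, factor=0.3))
```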