Hi,

I have a csv file of Cdr call VOIP

I want to view total duration (field ="Durée de la conversation") of one number destination (0611630000) but i don't success for that

I have the information with logstash -> Elasticsearch :

{
"_index": "commerce-2019.01.18",
"_type": "doc",
"_id": "fgusdmgBJeUeACgN3n18",
"_score": 1,
"_source": {
"Nombre de mise en attente": "0",
"Numéro SDA taxé": "0171800000",
"Durée de la conversation": "00:08:12",
"Département de l'Appelant": "Commercial",
"Redirection": "-",
"Type d'appel pour la Facturation": "appel externe",
"Type de l'Appelé": "EXTERNAL_NUMBER",
"Durée de sonnerie": "00:00:12",
"Périphérique de l'Appelé": "[sip-gateway].(SBC).0611630000",
"Label de l'Appelé": "0611630000",
"Label de l'Appelant": "dupond",
"Billing 2": "Siege",
"Billing 1": "test",
"Timestamp début": "18/01/2019 09:26:50",
"PSTN de l'Appelé": "0611630000",
"Diagnostique": "-",
"AAASESSIONID": "-",
"Communauté": "test-community",
"Timestamp fin": "18/01/2019 09:35:13",
"ID de l'Enregistrement CDR ": "SID-CDR-TEST",
"Pages de Fax": "-",
"Type d'appel": "Outgoing external",
"Initiateur de l'Appel": "1083",
"Appelé": "0611630000",
"Appelant": "1083",
"Durée de mise en attente": "00:00:00",
"SIP Call ID 2": "-",
"ID de l'Appel": "CId[1367303]",
"@timestamp": "2019-01-18T08:26:50.000Z",
"@version": "1",
"adresse IP": "1X.X.X.X:5060",
"Site de l'Appelant": "Siege-ALL",
"SIP Call ID 1": "a977269a-2280-d550-3858-1fe7db8357a0@10.Y.Y.Y",
"Durée de la conf": "00:00:00",
"terminal distant appelé": "-",
"Numéro Composé": "00611630000",
"terminal distant appelant": "-",
"host": "elk",
"Etat du CDR": "Succès",
"ID du Flux d'Appel ": "SID-CDR-TEST",
"Type de l'Appelant": "STATION",
"IPTC": "09",
"Timestamp de Redirection": "-",
"ID du prochain CDR": "-",
"Périphérique de l'Appelant": "[csip-yealink-t41p]",
"Cause de fin": "Terminé par l'appelant"
},
"fields": {
"@timestamp": [
"2019-01-18T08:26:50.000Z"
]
}
}

Help me please I'm news on ELK

thank's

ps : Excuse my english I use google translate, I'm french

From what I can see, you don't have a duration field in your data, just a start and end timestamp. Is that correct?

If so, you'll need to create a scripted field that calculates the duration by subtracting the start from the end. Then you can create a visualization over the sum of duration and create a filter for the specific number.

Hi

thank's for your reply

I have The duration field => "Durée de la conversation": "00:08:12"

when I test to add visualizatoin for sum de duration field I have this message :

But I don't know how to configure field type number

That is not a number, so you can not map it as such. I would recommend converting it to seconds before indexing it into Elasticsearch, as there is no built in support for durations in that format.

Thank's for your reply

Do you have a Url to explain this converting in logstash ?

merci

I found this in other topic

convert duration from hour:min:second 00:00:00 into a float of minutes

csv {
# hour:min:second
columns => [ "hours", "minutes", "seconds"]
source => "voice_duration"
separator => ":"
}

ruby {
code => "event.set('duration', ( (event.get('hours').to_f * 60) + event.get('minutes').to_f + (event.get('seconds').to_f / 60 )))"
}
mutate {
remove_field => [ "voice_duration", "hours", "minutes", "seconds"]
}

IT's ok my field or not ?

Did you try it? Did it work?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.