Hi,
I have snow data for change requests in Splunk. I want to create a dashboard which gives the average duration of a change request (from actual start date to actual end date) for each type of change.
The type of change can be derived from the short_description field.
The y-axis is the average duration and the x-axis is the type of change request (short_description). I have written this query, but it is not giving the average duration of a change. The result I am getting is too high; maybe it's calculating over all the events for the same change number. Not sure.
index=servicenow short_description IN ("abc", "xyz", "123")
| eval start_date_epoch = strptime(dv_opened_at, "%Y-%m-%d %H:%M:%S"), end_date_epoch = strptime(dv_closed_at, "%Y-%m-%d %H:%M:%S")
| eval duration_hours = (end_date_epoch - start_date_epoch ) /3600
| eval avg_duration = round (avg_duration_hours, 0)
| stats avg(duration_hours) as avg_duration by change_number, short_description
| eventstats avg(avg_duration) as overall_avg_duration by short_description
| eval ocb = round (overall_avg_duration ,0)
| table short_description, ocb
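An added example, not part of the original post: one way to get a single average per change type, assuming the index holds several events per change (one per ServiceNow update) and that the most recent event carries the final timestamps. It uses only the field names from the query above, collapses the events to one row per change_number, drops changes whose timestamps are missing or do not parse, and then averages by short_description.

```spl
index=servicenow short_description IN ("abc", "xyz", "123")
| stats latest(dv_opened_at) as opened_at
        latest(dv_closed_at) as closed_at
        latest(short_description) as short_description
        by change_number
| eval start_epoch = strptime(opened_at, "%Y-%m-%d %H:%M:%S"),
       end_epoch = strptime(closed_at, "%Y-%m-%d %H:%M:%S")
| where isnotnull(start_epoch) AND isnotnull(end_epoch) AND end_epoch >= start_epoch
| eval duration_hours = (end_epoch - start_epoch) / 3600
| stats avg(duration_hours) as avg_duration_hours, count as changes by short_description
| eval avg_duration_hours = round(avg_duration_hours, 0)
```

The result has one row per short_description, so a column chart places the change type on the x-axis and avg_duration_hours on the y-axis; the changes column shows how many change requests each average is based on.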