How to report on open requests over time
I have a series of logs which contain a request start time and a request end time. I would like to build a timeslice query which is the total number of requests open during the slice. These are websocket requests which may remain open for long periods of time.
-
Official comment
Nate,
timeslice queries only run against the _messagetime field, so what you are suggesting will not work. But you can convert the timestamps to epoch and then do a straight math comparison to define each slice. It will take a little more query work, but it is possible.
Eric
Please sign in to leave a comment.
Comments
1 comment