Hi,
I have to calculate duration in milliseconds which is working, but when I add file size data to the query, the duration goes to 0. Can anyone provide any guidance as to what's happening and how to resolve it?
Here's the query that works:
FILE="*" | stats range(timestamp) as durationms by FILE | eval duration=durationms/1000
but if I run this:
FILE="*" | stats range(timestamp) as durationms by FILE, FileSize | eval duration=durationms/1000
then duration and durationms go to 0.
Thanks in advance!