timechart is creating stats which are not part of the search in Splunk - splunk

I was extracting some volume data for PE testing from prod systems, using the following query.
I am expecting to get event counts from 9AM to 6PM with respect to proxy names, but the following code is creating stats for the entire day. Please help me remove this extra data.
Query
index= index_Name environmentName= Env_name clientAppName="App_Name"
| eval eventHour=strftime(_time,"%H")
| where eventHour<18 AND eventHour>=9
| timechart count span=60m by proxyName
Result:
Time             | Proxy1 | proxy2
-----------------+--------+-------
2022-02-16 06:00 | 0      | 0
2022-02-16 07:00 | 0      | 0
2022-02-16 08:00 | 0      | 0
2022-02-16 09:00 | 27     | 34

The best way to narrow the time window is by using the earliest and latest options in the search command.
To find the events between 9am and 6pm today:
index= index_Name environmentName= Env_name clientAppName="App_Name" earliest=@d+9h latest=@d+18h
| timechart count span=60m by proxyName
To find the events from yesterday between 9am and 6pm:
index= index_Name environmentName= Env_name clientAppName="App_Name" earliest=-1d@d+9h latest=-1d@d+18h
| timechart count span=60m by proxyName
The @d+9h construct says to go to the beginning of the day and add 9 hours.

Related

Show the sum of an event per day by user in Splunk

I want to be able to show the sum of an event (let's say clicks) per day but broken down by user type. The results I'm looking for will look like this:
User Role | 01/01 | 01/02 | 01/03 | ...
----------+-------+-------+-------+----
Guest     | 500   | 450   | 348   | 55
Admin     | 220   | 200   | 150   | 75
Here is my initial start, but I'm unsure how to do the pivots on this to produce a table and visual chart:
earliest=-30d index=* role=Guest OR role=Admin | count clicks as clickCount | ...
I'm unsure on how to both only count by day but then also only count by role to render them as shown above. Thanks for the help in advance.
You can create a timechart by day and then untable, convert the _time into a day field with formatted mm/dd value, and then construct an xyseries with the rows as columns and the day as the header:
| timechart span=1d count by role as "User Role"
| untable _time name value
| eval day=strftime(_time, "%m/%d")
| xyseries name day value

Is there a way to calculate the average queue time of an entire column that contains data in time format

I have imported data extracted from a Cisco call center into a SQLite table. This data deals with information related to incoming calls.
In this table there is a column called "queue time" which indicates the time spent by the caller waiting in the queue before reaching an agent. I would like to write a SELECT query that calculates the average of the "queuetime" column, and the result should be in time format.
I tried with many queries but without any success:
SELECT strftime('%H:%M:%S',AVG("QUEUETIME"))
FROM "CSQ Agent Report"
The result is the following:
[('12:00:00',), ('12:00:00',), ('12:00:00',), ('12:00:00',), ('12:00:00',), ('12:00:00',)]
For:
SELECT AVG("QUEUETIME") FROM "CSQ Agent Report"
The result is the following:
[(0.0,)]
Here is a partial copy of the Queuetime column :
00:00:05
00:00:05
00:00:08
00:00:03
00:00:02
00:01:45
00:00:05
00:00:03
00:00:06
00:00:24
00:00:06
00:00:46
Thanks for your support
You must convert the time values to numbers, which are unix timestamps since the start of the epoch ('1970-01-01 00:00:00'), to perform the average calculation, and after you get the numeric result you must convert back to time with the function time():
SELECT TIME(AVG(strftime('%s', Queuetime)), 'unixepoch') avg_time
FROM CSQAgentReport
See the demo.
Results:
> | avg_time |
> | :------- |
> | 00:00:18 |
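To show the failing query and the working one side by side, here is an added example that is not part of the question or the answer: it loads the queue-time values quoted above into an in-memory SQLite table named as in the question and runs both queries through Python's sqlite3 module.

```python
import sqlite3

# Constructed sample: the queue-time values quoted in the question, stored as
# 'HH:MM:SS' text exactly as they came out of the call-center export.
QUEUE_TIMES = ["00:00:05", "00:00:05", "00:00:08", "00:00:03", "00:00:02",
               "00:01:45", "00:00:05", "00:00:03", "00:00:06", "00:00:24",
               "00:00:06", "00:00:46"]

TABLE = '"CSQ Agent Report"'  # quoted because the name contains spaces

def build_db() -> sqlite3.Connection:
    """In-memory copy of the report table with only the column we need."""
    con = sqlite3.connect(":memory:")
    con.execute(f"CREATE TABLE {TABLE} (QUEUETIME TEXT)")
    con.executemany(f"INSERT INTO {TABLE} VALUES (?)",
                    [(t,) for t in QUEUE_TIMES])
    return con

def naive_average(con: sqlite3.Connection) -> float:
    """The query from the question. '00:00:05' does not look like a number, so
    AVG() reads every row as 0 and returns 0.0. Passing that 0.0 to strftime()
    makes SQLite treat it as Julian day 0, whose clock time is noon, which is
    where the '12:00:00' rows came from."""
    return con.execute(f"SELECT AVG(QUEUETIME) FROM {TABLE}").fetchone()[0]

def average_queue_time(con: sqlite3.Connection) -> str:
    """The fix from the answer: strftime('%s') turns each HH:MM:SS into unix
    seconds, AVG() averages those numbers, and TIME(..., 'unixepoch') turns
    the mean back into HH:MM:SS (fractional seconds are truncated)."""
    return con.execute(
        f"SELECT TIME(AVG(strftime('%s', QUEUETIME)), 'unixepoch') FROM {TABLE}"
    ).fetchone()[0]

def average_queue_seconds(con: sqlite3.Connection) -> float:
    """The same mean as a plain number of seconds, handy for thresholds.
    SQLite anchors a bare HH:MM:SS at 2000-01-01, so subtract the anchor
    ('00:00:00') rather than relying on the absolute epoch value."""
    return con.execute(
        "SELECT AVG(strftime('%s', QUEUETIME) - strftime('%s', '00:00:00')) "
        f"FROM {TABLE}"
    ).fetchone()[0]

if __name__ == "__main__":
    db = build_db()
    print(naive_average(db), average_queue_time(db), average_queue_seconds(db))
```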

Querying in time intervals throughout history in Splunk

I have a query that returns me a count.
I want to get all the counts of a daily/weekly/monthly granularity, spanning a year back.
Currently I can get the counts manually from the presets (last 30 days, last 15 days, etc), or the date range (e.g. Between 20180101 - 20180201), but what I really want is a query that says
"get me a weekly count that spans a year back from today", and it'll return:
2018-11-15 to 2018-11-22 : count = 10
2018-11-08 to 2018-11-15 : count = 3
2018-11-01 to 2018-11-08 : count = 6
...
2017-11-15 to 2017-11-22 : count = 11
This should get you started.
index=foo earliest=-1y | bucket span=1w _time | stats count by _time

Get records after a certain time in PostgreSQL

I have a table that looks like this:
id | flight_number | departure_time | arrival_time
---+---------------+----------------+-------------
 1 | UAL123        | 07:00:00       | 08:30:00
 2 | AAL456        | 07:30:00       | 08:40:00
 3 | SWA789        | 07:45:00       | 09:10:00
I'm trying to figure out an SQL query that can get upcoming flights based on departure time given the current time. For instance, at 07:20, I would like to return AAL456, SWA789 since those flights have not departed yet. At 07:40, I would like to just return SWA789. What is a good way to do this?
Well, you can use LOCALTIME to get the current time. So, if the departure_time is stored as a time, then:
select t.*
from t
where t.departure_time > localtime;
This assumes no time zone information is part of the time value. Also, it will return no flights after the last flight has departed for a day (which is consistent with the phrasing of your question).

Design Hours of Operation SQL Table

I am designing a SQL table to store hours of operation for stores.
Some stores have very simple hours: Monday to Sunday from 9:30AM to 10:00PM
Others are little more complicated. Please consider the following scenario:
Monday: Open All Day
Tuesday: 7:30AM – 2:30PM & 4:15PM – 11:00 PM
Wednesday: 7:00PM – 12:30 AM (technically closing on Thursday morning)
Thursday: 9:00AM – 6:00PM
Friday: closed.
How would you design the table(s)?
EDIT
The hours will be used to showing if a store is open at a user selected time.
A different table can probably handle any exceptions, such as holidays.
The store hours will not change from week to week.
A table like this would be easy for both the output you posted, as well as just firing a bit back (open? yes/no):
Store | Day | Open | Closed
------+-----+------+-------
1     | 1   | 0000 | 2400
1     | 2   | 0730 | 1430
1     | 2   | 1615 | 2300
...
Features:
Using 24-hour isn't necessary, but makes math easier.
Store ID would presumably join to a lookup table where you stored Store information
Day ID would translate to day of week (1 = Sunday, 2 = Monday, etc.)
To query for your dataset, just:
SELECT Day, Open, Close... (you'd want to format Open/Close obviously)
To query IsOpen?, just:
SELECT CASE WHEN #desiredtime BETWEEN Open AND Closed THEN 1 ELSE 0 END
FROM table
WHERE store = #Store
Think of it more as defining time frames; days and weeks are more complex because they have rules and defined starts and stops.
How would you define a timeframe?
One constraint (Start [Time and Day]) and one reference, 'Duration' (hours, minutes, ... of the span). Now the shifts (timeframes) can span multiple days and you don't have to write complex logic to extract and use the data in calculations.
**Store_Hours**
Store | Day | Open | DURATION
------+-----+------+---------
1     | 1   | 0000 | 24
1     | 2   | 0730 | 7
1     | 2   | 1615 | 6.75
...
1     | 3   | 1900 | 5.5
Do you have to do more than just store and display it?
I think a design which needs to tell if a store is open at a particular time would have to be informed by all of the possibilities, otherwise, you will end up not being able to accommodate something.
What about holiday exceptions?
I would consider storing them as intervals based on a base time (minutes since time 0 of the week).
So 0 is midnight on Monday.
Interval 1 would be 0 - 1440
Interval 2 would be 1890 - 2310
etc.
You could easily convert a user selected time into a minute offset and determine if a store was open.
Your only remaining problem would be interpreting the intervals for a friendly display (probably some extensive logic, but not impossible) and the overlap at time 10080 -> 0.
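As an added example (not code from any of the answers above), the following combines the start-plus-duration rows of the Store_Hours answer with the minutes-since-Monday offsets of the last answer, and runs the IsOpen? check in SQLite so that both the Wednesday block that crosses midnight and the 10080 -> 0 wrap-around work; the store-2 row is constructed purely to exercise that wrap-around.

```python
import sqlite3

WEEK_MINUTES = 7 * 24 * 60  # 10080, the wrap-around point mentioned above

# Constructed rows; store 1 is the scenario from the question. start_min is
# minutes since Monday 00:00 (the answer's "time 0"), duration_min is how long
# the store stays open. Friday is closed, so it simply has no row.
STORE_HOURS = [
    (1, 0, 1440),     # Monday: open all day         (interval 1: 0 - 1440)
    (1, 1890, 420),   # Tuesday 7:30AM - 2:30PM      (interval 2: 1890 - 2310)
    (1, 2415, 405),   # Tuesday 4:15PM - 11:00PM
    (1, 4020, 330),   # Wednesday 7:00PM - 12:30AM, runs past midnight
    (1, 4860, 540),   # Thursday 9:00AM - 6:00PM
    (2, 9960, 240),   # store 2 (constructed): Sunday 10:00PM - Monday 2:00AM
]

def week_minute(weekday: int, hhmm: str) -> int:
    """Minute offset within the week for (0=Monday .. 6=Sunday, 'HH:MM')."""
    hours, minutes = (int(part) for part in hhmm.split(":"))
    return weekday * 1440 + hours * 60 + minutes

def build_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE store_hours "
                "(store INTEGER, start_min INTEGER, duration_min INTEGER)")
    con.executemany("INSERT INTO store_hours VALUES (?, ?, ?)", STORE_HOURS)
    return con

def is_open(con: sqlite3.Connection, store: int, weekday: int, hhmm: str) -> bool:
    """The IsOpen? check done in SQL. Rather than BETWEEN start AND end, ask how
    many minutes have elapsed since each interval started, modulo the week, so
    an interval starting Sunday night still matches a Monday 01:00 lookup.
    SQLite's % keeps the dividend's sign, hence the second % to re-wrap."""
    now = week_minute(weekday, hhmm)
    found = con.execute(
        "SELECT EXISTS(SELECT 1 FROM store_hours"
        " WHERE store = ?"
        "   AND ((? - start_min) % ? + ?) % ? < duration_min)",
        (store, now, WEEK_MINUTES, WEEK_MINUTES, WEEK_MINUTES),
    ).fetchone()[0]
    return bool(found)

if __name__ == "__main__":
    db = build_db()
    print(is_open(db, 1, 3, "00:15"))  # True: Wednesday's block, after midnight
    print(is_open(db, 2, 0, "01:00"))  # True: wrapped around from Sunday night
```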