
Second that. In your example, src_port varies, and so does dest_ip. In the result row, you are using the src_port of the 6th row, although it looks like this row is not used in the result due to a different dest_ip. Also, what about the times, are they truncated or rounded, and how? Can we assume that all entries are sorted by time? The first step is to actually specify what you want to do.

Re^3: analyzing data
by matt00perl (Novice) on Apr 23, 2014 at 10:01 UTC

    They are not sorted by time. All I want is to show how long one src_ip spent on a particular dest_ip.

      You can't know that. You can know how much time passed between the first and the last packet from a specific src_ip to a specific dst_ip for a specific arbitrary time span or a specific log file.

      Example: You may have one day's worth of data. There is a packet going from ip A to ip B at 00:01. There is a second packet between A and B at 23:59. Is this (23 hours 58 mins) "how long" ip A spent on ip B?
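
Added example, not part of the original posts: a Perl sketch of what the last reply says can be measured, the time between the first and last packet for each src_ip/dest_ip pair within one log, computed from unsorted input. The record layout (`HH:MM:SS src_ip src_port dest_ip`), the sample lines and the `pair_spans` helper are assumptions made for illustration; the thread does not show the real format.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample records (assumed layout: "HH:MM:SS src_ip src_port dest_ip").
# Deliberately unsorted, as the poster says the real data is.
my @lines = (
    '23:59:00 10.0.0.1 40112 192.0.2.10',
    '09:15:30 10.0.0.2 51000 192.0.2.10',
    '00:01:00 10.0.0.1 40110 192.0.2.10',
    '09:15:05 10.0.0.2 51001 192.0.2.10',
    '09:16:10 10.0.0.2 51002 192.0.2.10',
    '12:00:00 10.0.0.1 40111 192.0.2.20',
);

# Hypothetical helper: returns { "src -> dst" => { first, last, count } }
# for one log's worth of lines. src_port is ignored because it varies per packet.
sub pair_spans {
    my @records = @_;
    my %span;
    for my $line (@records) {
        my ($time, $src_ip, $src_port, $dest_ip) = split ' ', $line;
        next unless defined $dest_ip;              # skip short or blank lines
        my ($h, $m, $s) = split /:/, $time;
        my $t = $h * 3600 + $m * 60 + $s;          # seconds since midnight
        my $e = $span{"$src_ip -> $dest_ip"}
            //= { first => $t, last => $t, count => 0 };
        $e->{first} = $t if $t < $e->{first};      # min/max, so input order is irrelevant
        $e->{last}  = $t if $t > $e->{last};
        $e->{count}++;
    }
    return \%span;
}

my $spans = pair_spans(@lines);
for my $pair (sort keys %$spans) {
    my $e = $spans->{$pair};
    my $d = $e->{last} - $e->{first};
    # Print the packet count next to the span: two packets far apart give a
    # long span that says nothing about continuous activity.
    printf "%-28s packets=%d span=%02d:%02d:%02d\n",
        $pair, $e->{count}, int($d / 3600), int($d / 60) % 60, $d % 60;
}
```

The first pair in the sample reproduces the 00:01 / 23:59 case from the reply: two packets, a span of 23 hours 58 minutes.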