Hi Everyone
I am trying to calculate how much time an analyst spend on offense. to make things simple I have data as below
Offense ID start_time Event Name Offense_Assign_To
92 2020-04-23 18:25:35 Offense Assigned admin
92 2020-04-23 18:31:48 Offense Assigned -1
92 2020-04-23 18:32:03 Offense Assigned admin
92 2020-04-23 18:32:22 Offense Closed OffenseClosed
these events describe following situation
1. Offense 92 assigned to analyst admin at 18:25:35
2. Offense 92 unassiged from analyst at 18:31:48, that mean analyst worked on the offense for 6mins and 13 secs
3. Offense 92 assigned to analyst admin again at 18:32:03
4. Offense 92 closed at 18:32:22, that means analyst worked on the offense for 19 secs and closed the offense.
I need to capture the time between event 1 and 2 (6m 13s) and between event 3 and 4 (19s)
so the summary would be analyst spend 6m32s on offense 92.
Anyone done this kind of exercise before? or many funcation may need to use in thie AQL?
Thank you for advance
------------------------------
Linsong Guo
------------------------------