topic Re: How to substract two fields on epoch in Getting Data In

How to substract two fields on epoch

Emp — Tue, 10 Aug 2021 15:32:49 GMT

Hi,

I tried to find answers on the forum but I didn't find any working solutions.

I had two fields with "hour / minute / second" like:

TReceived > 17:13:10

TSent > 17:12:20

I'm trying to substract TSent from TReceived and put it into a table.

I did something like :

| eval start=strptime(TSent, "%H:%M:%S.%N"), end=strptime(TReceived, "%H:%M:%S.%N")

| eval difference=end-start

|table end,start,difference

As a result, I correctly have something on the "end" and "star" column but "difference" stays empty.

Am I missing something?

Thanks.

manjunathmeti — Tue, 10 Aug 2021 15:37:44 GMT

Your query is working.

Emp — Wed, 11 Aug 2021 07:14:02 GMT

I didn't know the "makeresults" command. Seems easier to check with this.

On my side, my request is a bit more complicated but in the end, my "diff" column was still empty with this exact command |eval difference=end-start.

With your confirmation that the request was working correctly, I found the solution and it was a simple mistake...

My "eval" command was before the "table" command and couldn't work.

I changed the order and now it's working perfectly.

It wasn't so much but thanks, it helps me a lot to clear my mind 😉

manjunathmeti — Wed, 11 Aug 2021 07:50:30 GMT

You're welcome! I'm glad it helped🙂