https://community.splunk.com/t5/Splunk-ITSI/Time-difference-in-splunk/m-p/479347#M1787 <P>Hi @vijaya5,<BR /> to calculate a difference of two dates/times, you have to transform them in epochtime (using strptime function) then you can caculate the difference:</P> <PRE><CODE>| eval diff=strptime(time2,"%Y-%m-%d %H:%M:%S")-strptime(time1,"%Y-%m-%d %H:%M:%S") </CODE></PRE> <P>Ciao.<BR /> Giuseppe</P> Wed, 26 Feb 2020 13:51:17 GMT gcusello 2020-02-26T13:51:17Z https://community.splunk.com/t5/Splunk-ITSI/Time-difference-in-splunk/m-p/479346#M1786 <P>I have time stamp like below format<BR />2020-02-17 18:23:04</P> <P>and i woul like to calculate the differene between two such fields start an end times of an activity. which function i can use to get time difference if the time format is like above?.</P> Sun, 07 Jun 2020 00:31:58 GMT https://community.splunk.com/t5/Splunk-ITSI/Time-difference-in-splunk/m-p/479346#M1786 vijaya5 2020-06-07T00:31:58Z https://community.splunk.com/t5/Splunk-ITSI/Time-difference-in-splunk/m-p/479347#M1787 <P>Hi @vijaya5,<BR /> to calculate a difference of two dates/times, you have to transform them in epochtime (using strptime function) then you can caculate the difference:</P> <PRE><CODE>| eval diff=strptime(time2,"%Y-%m-%d %H:%M:%S")-strptime(time1,"%Y-%m-%d %H:%M:%S") </CODE></PRE> <P>Ciao.<BR /> Giuseppe</P> Wed, 26 Feb 2020 13:51:17 GMT https://community.splunk.com/t5/Splunk-ITSI/Time-difference-in-splunk/m-p/479347#M1787 gcusello 2020-02-26T13:51:17Z