topic 2 timestamp, the rest identical, how calculate duration ? in Splunk Search https://community.splunk.com/t5/Splunk-Search/2-timestamp-the-rest-identical-how-calculate-duration/m-p/452904#M128221 <PRE><CODE>tim:2019-01-18 10:27:54,id:bee236 tim:2019-01-18 10:38:07,id:bee236 tim:2019-01-21 09:27:09,id:thierry403 tim:2019-01-21 09:37:21,id:thierry403 </CODE></PRE> <P>cherry on the cake : the duration is near 10 min. So I will search bots who made a second try in time between 595 and 605secs.<BR /> If tools on frequency could be more practical or efficient all solutions are welcome <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><BR /> thx for your help</P> Fri, 22 Mar 2019 09:58:11 GMT splunkLPN 2019-03-22T09:58:11Z 2 timestamp, the rest identical, how calculate duration ? https://community.splunk.com/t5/Splunk-Search/2-timestamp-the-rest-identical-how-calculate-duration/m-p/452904#M128221 <PRE><CODE>tim:2019-01-18 10:27:54,id:bee236 tim:2019-01-18 10:38:07,id:bee236 tim:2019-01-21 09:27:09,id:thierry403 tim:2019-01-21 09:37:21,id:thierry403 </CODE></PRE> <P>cherry on the cake : the duration is near 10 min. So I will search bots who made a second try in time between 595 and 605secs.<BR /> If tools on frequency could be more practical or efficient all solutions are welcome <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><BR /> thx for your help</P> Fri, 22 Mar 2019 09:58:11 GMT https://community.splunk.com/t5/Splunk-Search/2-timestamp-the-rest-identical-how-calculate-duration/m-p/452904#M128221 splunkLPN 2019-03-22T09:58:11Z Re: 2 timestamp, the rest identical, how calculate duration ? https://community.splunk.com/t5/Splunk-Search/2-timestamp-the-rest-identical-how-calculate-duration/m-p/452905#M128222 <P>try this:</P> <PRE><CODE>[your search|transaction id|eval dur_seconds=round((duration/1000),0)|table _time id dur_seconds </CODE></PRE> Fri, 22 Mar 2019 10:24:57 GMT https://community.splunk.com/t5/Splunk-Search/2-timestamp-the-rest-identical-how-calculate-duration/m-p/452905#M128222 nickhills 2019-03-22T10:24:57Z Re: 2 timestamp, the rest identical, how calculate duration ? https://community.splunk.com/t5/Splunk-Search/2-timestamp-the-rest-identical-how-calculate-duration/m-p/452906#M128223 <P>simple and efficient</P> Fri, 22 Mar 2019 11:27:10 GMT https://community.splunk.com/t5/Splunk-Search/2-timestamp-the-rest-identical-how-calculate-duration/m-p/452906#M128223 splunkLPN 2019-03-22T11:27:10Z