Solved: How to convert 2021-12-09 11:46:50.000069 timestam...

cadrija · ‎12-12-2021

I have the following data in the table.

I need to get the duration of the batch running time, I have the start & end time of each date. I need to calculate Batch_End-Batch_Start.
Normal eval is not giving me any output. Hence I was thinking of converting the timestamps in epoc & then doing eval Duration=(End_epoc-Start_epoc).

For this I need to convert timestamp like 2021-12-09 11:46:50.000069 to epoch time.

Please help.

ITWhisperer · ‎12-12-2021

| eval end_epoch=strptime(Batch_end,"%Y-%m-%d %H:%M:%S.%6Q")

View solution in original post

gcusello · ‎12-12-2021

Hi @cadrija,

did you tried to use eval strptime at the end of the search?

something like this_

<all_your_search>
| eval duration=strptime(batch_end,"%Y-%m-%d %H:%M:%S.%6N")-strptime(batch_start,"%Y-%m-%d %H:%M:%S.%6N")

Ciao.

Giuseppe

cadrija · ‎12-12-2021

@gcusello This works!
Thanks a lot!

cadrija · ‎12-12-2021

@gcusello Okay let me try this.

ITWhisperer · ‎12-12-2021

| eval end_epoch=strptime(Batch_end,"%Y-%m-%d %H:%M:%S.%6Q")

cadrija · ‎12-12-2021

Thanks @ITWhisperer

How to convert 2021-12-09 11:46:50.000069 timestamp to epoch time.

dashboard

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)