How to calculate the age of the tickets ?

chitreshakumar · ‎01-21-2018

I want to add a panel which will show the age of the tickets .
I have start time ,finish time and will take current time for those tickets whose finish time is null .So basically age is difference of finish and start time .How to apply this in Splunk?

p_gurav · ‎01-22-2018

Hi,

Try this:

| eval finishtime_new = case(isnull(finishtime), currenttime) | eval finishtime_epoch = (finishtime_new, "format_of_finishtime_new") | eval starttime_epoch = (starttime, "format_of_startime") | eval diff = finishtime_epoch - starttime_epoch

p_gurav · ‎01-22-2018

Hi chitreshakumar,

you can convert starttime and finishtime in epoch usingstrptime function using eval:
| eval finishtime_epoch = (finishtime, "") | eval starttime_epoch = (starttime, "") | eval diff = finishtime_epoch - starttime_epoch

chitreshakumar · ‎01-22-2018

there is one condition if the finish time is not defined or null then this query will give wrong answer

p_gurav · ‎01-22-2018

You can make new field :

| eval finishtime_new = case(isnull(finishtime), currenttime)

mayurr98 · ‎01-22-2018

give us sample format of starttime and finishtime

chitreshakumar · ‎01-22-2018

its the date and time of the ticket generated

How to calculate the age of the tickets ?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

How to calculate the age of the tickets ?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...