HI Team,
I am using below query, but i want diff column in seconds format, but not sure, it is showing 00:00:19.000000.
I just have to minus response-request. have converted to epoch also.
2019-03-15T05:57:02 - 2019-03-15T05:56:43 == result should be in sec
query is below
index="test_mulesoft" source=RoyalCaninOMSDev "*ProcessOrder*" | rex field=_raw "corelationid.*:\W+(?.*)\"" | eval DateTime=strftime(_time,"%Y-%m-%dT%H:%M:%S") | eventstats earliest(DateTime) as request, latest(DateTime) as response by Request_Id | eval it = strptime(request, "%Y-%m-%dT%H:%M:%S") | eval ot = strptime(response, "%Y-%m-%dT%H:%M:%S") | eval diff = tostring((ot - it), "duration") | table Request_Id,request,response,it,ot,diff
ext]1
Thanks
Sagar
1 Solution
