Help converting time format and age

devsupport · ‎05-05-2019

I have a time format field "2019-05-02T19:43:00.0000000Z" and need two things: a) convert to y-m-d h:m:s format and b) calculate age (ex. older than 12 hours). What is the best approach to this? Thank you in advance.

MuS · ‎05-05-2019

Hi devsupport,

take a look at this search:

| makeresults 
| eval foo="2019-05-02T19:43:00.0000000Z", myEpoch=strptime(foo, "%Y-%m-%dT%H:%M:%S.%7NZ"), "a)"=strftime(myEpoch, "%Y-%m-%d %H:%M:%S"), "b)"=tostring(now() - myEpoch, "duration")

This will create the time stamp in your expected format and calculates the age since it occurred.

Hope this helps ...

cheers, MuS

devsupport · ‎05-06-2019

Thank you Mus. When running the query, the b column returns this: 3+17:35:59.000000

Can that number be changed to round to the nearest hour? Appreciate the help.

MuS · ‎05-06-2019

Well, try it with your real events. The provided answer has 2019-05-02T19:43:00.0000000Z hard coded.

cheers, MuS