Solved: Re: How to calculate number of days between two ep...

scheidelljm · ‎04-26-2016

I'm calculating the diff between two dates in different formats which is working, unless the "start date" and "end date" are the same. This results in an epoch diff of "0" and if you strftime a "0" into days, it thinks it's 31 days, but it should be 0 days. Is there a better java time variable to convert "0" in epoch into 0 days?

Examples:
STATUSDATE=19.04.2016
CREATIONDATE=19.04.2016

eval epochcreate=strptime(CREATIONDATE, "%d.%m.%Y") | eval epochstatus=strptime(STATUSDATE, "%d.%m.%Y") | eval diff = epochstatus-epochcreate |  eval resolutiontime = strftime(diff, "%d")

This will give you a value for diff of 0.000000 and a value for resolutiontime of 31, expected resolutiontime should be 0.

scheidelljm · ‎04-26-2016

Nevermind, I'm an idiot. You can't strf diff. Diff is not an epoch date, it is a diff in seconds. This gives the expected result.
eval resolutiontime = diff/60/60/24

View solution in original post

scheidelljm · ‎04-26-2016

Nevermind, I'm an idiot. You can't strf diff. Diff is not an epoch date, it is a diff in seconds. This gives the expected result.
eval resolutiontime = diff/60/60/24

JeffLeshin · ‎08-21-2017

If it makes you feel any better - you're not the only idiot. Made the same mistake when I was wanting to create a nicer string out of a time difference in seconds. Thanks for posting your answer.

How to calculate number of days between two epoch timestamps?

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann