How to convert HH:MM:SS.6Q time format in to Minut...

gravi · ‎12-03-2019

Hi,

I am trying to convert Timestamp into Minutes and the result is not being displayed. I have the timestamp format as HH:MM:SS.SSSSSS and I want to convert to Minutes.

I have tried using |convert dur2sec(since) as TimeinSec | eval timeinMin=TimeinSec/60 but did not work.

could you please help?

woodcock · ‎12-03-2019

Like this:

| makeresults 
| eval time="12:34:56.654321" 

| rename COMMENT AS "Everything above generates sample event data; everything below is your solution"

| rex field=time "(?:(?:(?<duration_hours>\d+):)?(?<duration_minutes>\d+):)?(?<duration_seconds>.+)$" 
| fillnull value=0 duration_hours duration_minutes 
| eval duration = duration_seconds + (60 * (duration_minutes + (60 * duration_hours))) 
| fieldformat duration = tostring(duration, "duration")
| fieldformat duration_in_minutes = duration / 60

richgalloway · ‎12-03-2019

Use strptime to convert Timestamp into seconds then convert to minutes.

... | eval Minutes=strptime(Timestamp, "%H:%M:%S.%6N")/60

---
If this reply helps you, Karma would be appreciated.

How to convert HH:MM:SS.6Q time format in to Minutes

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation