How to convert HH:MM:SS.6Q time format in to Minut...

gravi · ‎12-03-2019

Hi,

I am trying to convert Timestamp into Minutes and the result is not being displayed. I have the timestamp format as HH:MM:SS.SSSSSS and I want to convert to Minutes.

I have tried using |convert dur2sec(since) as TimeinSec | eval timeinMin=TimeinSec/60 but did not work.

could you please help?

woodcock · ‎12-03-2019

Like this:

| makeresults 
| eval time="12:34:56.654321" 

| rename COMMENT AS "Everything above generates sample event data; everything below is your solution"

| rex field=time "(?:(?:(?<duration_hours>\d+):)?(?<duration_minutes>\d+):)?(?<duration_seconds>.+)$" 
| fillnull value=0 duration_hours duration_minutes 
| eval duration = duration_seconds + (60 * (duration_minutes + (60 * duration_hours))) 
| fieldformat duration = tostring(duration, "duration")
| fieldformat duration_in_minutes = duration / 60

richgalloway · ‎12-03-2019

Use strptime to convert Timestamp into seconds then convert to minutes.

... | eval Minutes=strptime(Timestamp, "%H:%M:%S.%6N")/60

---
If this reply helps you, Karma would be appreciated.

How to convert HH:MM:SS.6Q time format in to Minutes

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Are you a member of the Splunk Community?

How to convert HH:MM:SS.6Q time format in to Minutes

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)