Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to find the difference between 2 times in date time format?

karthikTIL
Path Finder
‎08-28-2014 12:12 AM

HI, I have two fields A and B with time format as 1/07/2014 3:41:12 PM.
Please let me know how to find difference between A and B in hours with this format?

e.g., if A is 1/07/2014 3:41:12 PM and B is 2/07/2014 2:41:12 PM, B-A should be 23 hours

Reply
1 Solution
Solved! Jump to solution
Solution

tom_frotscher
Builder
‎08-28-2014 12:53 AM

Hi,

you could convert your two timestamps to epoch time, which is then seconds. Then you can calculate the difference between your timestamps in seconds (your B-A). After this you divide the result by 3600 which is an hour in seconds. If you want, you can then round to a full hour or whatever you like:

| eval epoch_A=strptime(A,"%d/%m/%Y %I:%M:%S %p") | eval epoch_B=strptime(B,"%d/%m/%Y %I:%M:%S %p") | eval diff=round(('epoch_B'-'epoch_A') / 3600)

View solution in original post

Reply
Solved! Jump to solution

karthikTIL
Path Finder
‎09-08-2014 08:59 PM

HI, is there a way in splunk to get the difference only on the business hours i.e., from 9AM to 5PM and excluding saturday,sunday,public holidays?

0 Karma
Reply
Solved! Jump to solution
Solution

tom_frotscher
Builder
‎08-28-2014 12:53 AM

Hi,

you could convert your two timestamps to epoch time, which is then seconds. Then you can calculate the difference between your timestamps in seconds (your B-A). After this you divide the result by 3600 which is an hour in seconds. If you want, you can then round to a full hour or whatever you like:

| eval epoch_A=strptime(A,"%d/%m/%Y %I:%M:%S %p") | eval epoch_B=strptime(B,"%d/%m/%Y %I:%M:%S %p") | eval diff=round(('epoch_B'-'epoch_A') / 3600)
Reply
Solved! Jump to solution

karthikTIL
Path Finder
‎08-28-2014 06:15 PM

Excellent,Thanks Tom

0 Karma
Reply
Solved! Jump to solution

tom_frotscher
Builder
‎08-28-2014 01:05 AM

Try to replace the " with ' symbols for the first argument in the strptime function. Like this:

"eval epoch_A=strptime('Assigned_TIME',"%d/%m/%Y %I:%M:%S %p") | eval epoch_B=strptime('In Progress_TIME',"%d/%m/%Y %I:%M:%S %p") | eval diff=round(('epoch_B'-'epoch_A') / 3600)|table diff"
Reply
Solved! Jump to solution

karthikTIL
Path Finder
‎08-28-2014 12:57 AM

I dont find output when i mention this
"eval epoch_A=strptime("Assigned_TIME","%d/%m/%Y %I:%M:%S %p") | eval epoch_B=strptime("In Progress_TIME","%d/%m/%Y %I:%M:%S %p") | eval diff=round(('epoch_B'-'epoch_A') / 3600)|table diff"

fyi., A is Assigned_Time and B is In Progress_Time

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...