Hello,
I am trying to find the difference between two time stamps using the below search:
index=abc | eval average_response_time = strptime(response, "%d-%m-%Y T%H:%M:%S.%3N") - strptime(request, "%d-%m-%Y T%H:%M:%S.%3N")
I have attached the screen shot of it which has request and response..I want to calculate the time difference between them.
Thanks in advance
Try ending like this instead:
... | eval average_response_time = tostring((strptime(response, "%d-%b-%Y %H:%M:%S.%3N") - strptime(request, "%d-%b-%Y %H:%M:%S.%3N") ), "duration")
The timeformat should be "%d-%b-%Y %H:%M:%S.%3N"
thanks Somesh