Solved: How to convert hours into days

yvassilyeva · ‎06-10-2021

Hi,

I have the following duration format that i'd like to convert into days.

Initial Format Desired Format
8741:44 364 days

4487:19 186.9 days

Is there an efficient way to convert this format into days? Thank you in advance.

kamlesh_vaghela · ‎06-10-2021

@yvassilyeva

Can you please try this?

YOUR_SEARCH
| eval "Desired Format"=round(tonumber(mvindex(split('Initial Format',":"),0))/24,2)." Days"

My Sample Search :

| makeresults 
| eval "Initial Format"="8741:44|4487:19", "Initial Format"=split('Initial Format',"|") | mvexpand "Initial Format"
| rename comment as "Upto Now is sample data only"
|table "Initial Format"
| eval "Desired Format"=round(tonumber(mvindex(split('Initial Format',":"),0))/24,2)." Days"

Thanks
KV
▄︻̷̿┻̿═━一

If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.

View solution in original post

kamlesh_vaghela · ‎06-10-2021

@yvassilyeva

Can you please try this?

YOUR_SEARCH
| eval "Desired Format"=round(tonumber(mvindex(split('Initial Format',":"),0))/24,2)." Days"

My Sample Search :

| makeresults 
| eval "Initial Format"="8741:44|4487:19", "Initial Format"=split('Initial Format',"|") | mvexpand "Initial Format"
| rename comment as "Upto Now is sample data only"
|table "Initial Format"
| eval "Desired Format"=round(tonumber(mvindex(split('Initial Format',":"),0))/24,2)." Days"

Thanks
KV
▄︻̷̿┻̿═━一

If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.

yvassilyeva · ‎06-14-2021

Thank you, that is exactly it!

How to convert hours into days

other

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?