Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to convert hours into days

yvassilyeva
Path Finder
‎06-10-2021 05:23 AM

Hi, 

I have the following duration format that i'd like to convert into days. 

Initial Format             Desired Format
  8741:44                            364 days

   4487:19                          186.9 days

Is there an efficient way to convert this format into days? Thank you in advance.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎06-10-2021 05:56 AM

@yvassilyeva 

Can you please try this?

YOUR_SEARCH
| eval "Desired Format"=round(tonumber(mvindex(split('Initial Format',":"),0))/24,2)." Days"

 

My Sample Search :

| makeresults 
| eval "Initial Format"="8741:44|4487:19", "Initial Format"=split('Initial Format',"|") | mvexpand "Initial Format"
| rename comment as "Upto Now is sample data only"
|table "Initial Format"
| eval "Desired Format"=round(tonumber(mvindex(split('Initial Format',":"),0))/24,2)." Days"

 

Thanks
KV
▄︻̷̿┻̿═━一

If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎06-10-2021 05:56 AM

@yvassilyeva 

Can you please try this?

YOUR_SEARCH
| eval "Desired Format"=round(tonumber(mvindex(split('Initial Format',":"),0))/24,2)." Days"

 

My Sample Search :

| makeresults 
| eval "Initial Format"="8741:44|4487:19", "Initial Format"=split('Initial Format',"|") | mvexpand "Initial Format"
| rename comment as "Upto Now is sample data only"
|table "Initial Format"
| eval "Desired Format"=round(tonumber(mvindex(split('Initial Format',":"),0))/24,2)." Days"

 

Thanks
KV
▄︻̷̿┻̿═━一

If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.

0 Karma
Reply
Solved! Jump to solution

yvassilyeva
Path Finder
‎06-14-2021 04:25 AM

Thank you, that is exactly it!

0 Karma
Reply
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...