Splunk Enterprise Security

How to convert the day into seconds in a Splunk search query

mahendra559
New Member

Convert 25 days to seconds, and the difference with the current time to seconds, and display the difference time.

0 Karma

mahendra559
New Member

I need the answer in this format, please.

0 Karma

manjunathmeti
SplunkTrust

25 days converted to seconds, and the difference with the current time in seconds, gives 25*24*60*60, which is 25 days. If you need the epoch value of the day that is 25 days ago from the current time, then use relative time.

| makeresults 
| eval 25daysago_epoch=relative_time(now(), "-25d"), 25daysago_datetime=strftime('25daysago_epoch', "%d-%m-%Y %H:%M:%S"), current_time=strftime(_time, "%d-%m-%Y %H:%M:%S")
| table current_time, 25daysago_datetime, 25daysago_epoch

0 Karma

richgalloway
SplunkTrust

I see several questions there.

1) Convert 25 days into seconds: | eval 25days = 25 * 86400
2) Convert current time to seconds: | eval now = now()
3) Display the difference between now and 25 days ago: | eval diff = now() - relative_time(now(), "-25d")

---
If this reply helps you, Karma would be appreciated.
0 Karma