Splunk IT Service Intelligence
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Time difference in splunk

vijaya5
Engager
‎02-26-2020 05:38 AM

I have time stamp like below format
2020-02-17 18:23:04

and i woul like to calculate the differene between two such fields start an end times of an activity. which function i can use to get time difference if the time format is like above?.

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
Esteemed Legend
‎02-26-2020 05:51 AM

Hi @vijaya5,
to calculate a difference of two dates/times, you have to transform them in epochtime (using strptime function) then you can caculate the difference:

| eval diff=strptime(time2,"%Y-%m-%d %H:%M:%S")-strptime(time1,"%Y-%m-%d %H:%M:%S")

Ciao.
Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
Esteemed Legend
‎02-26-2020 05:51 AM

Hi @vijaya5,
to calculate a difference of two dates/times, you have to transform them in epochtime (using strptime function) then you can caculate the difference:

| eval diff=strptime(time2,"%Y-%m-%d %H:%M:%S")-strptime(time1,"%Y-%m-%d %H:%M:%S")

Ciao.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

.conf23 Registration is Now Open!

Time to toss the .conf-etti 🎉 —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...