Splunk ITSI
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Time difference in splunk

vijaya5
Engager
‎02-26-2020 05:38 AM

I have time stamp like below format
2020-02-17 18:23:04

and i woul like to calculate the differene between two such fields start an end times of an activity. which function i can use to get time difference if the time format is like above?.

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎02-26-2020 05:51 AM

Hi @vijaya5,
to calculate a difference of two dates/times, you have to transform them in epochtime (using strptime function) then you can caculate the difference:

| eval diff=strptime(time2,"%Y-%m-%d %H:%M:%S")-strptime(time1,"%Y-%m-%d %H:%M:%S")

Ciao.
Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎02-26-2020 05:51 AM

Hi @vijaya5,
to calculate a difference of two dates/times, you have to transform them in epochtime (using strptime function) then you can caculate the difference:

| eval diff=strptime(time2,"%Y-%m-%d %H:%M:%S")-strptime(time1,"%Y-%m-%d %H:%M:%S")

Ciao.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 3)

Welcome back to Splunk Classroom Chronicles, our ongoing blog series that pulls back the curtain on Splunk ...

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Optimizing SOC workflows with a unified, risk-based approach to Threat Detection, Investigation, and Response ...

Almost Too Eventful Assurance: Part 1

Modern IT and Network teams still struggle with too many alerts and isolating issues before they are notified. ...