Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

2 timestamp, the rest identical, how calculate duration ?

splunkLPN
Path Finder
‎03-22-2019 02:58 AM 
tim:2019-01-18 10:27:54,id:bee236
tim:2019-01-18 10:38:07,id:bee236
tim:2019-01-21 09:27:09,id:thierry403
tim:2019-01-21 09:37:21,id:thierry403

cherry on the cake : the duration is near 10 min. So I will search bots who made a second try in time between 595 and 605secs.
If tools on frequency could be more practical or efficient all solutions are welcome 🙂
thx for your help

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

nickhills
Ultra Champion
‎03-22-2019 03:24 AM

try this:

[your search|transaction id|eval dur_seconds=round((duration/1000),0)|table _time id dur_seconds
If my comment helps, please give it a thumbs up!

View solution in original post

0 Karma
Reply
Solved! Jump to solution

splunkLPN
Path Finder
‎03-22-2019 04:27 AM

simple and efficient

0 Karma
Reply
Solved! Jump to solution
Solution

nickhills
Ultra Champion
‎03-22-2019 03:24 AM

try this:

[your search|transaction id|eval dur_seconds=round((duration/1000),0)|table _time id dur_seconds
If my comment helps, please give it a thumbs up!
0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...