Re: Convert HR:MIN:SEC format to 1hr:2min:3sec for...

harshparikhxlrd · ‎12-18-2019

Hello, I'm trying to convert my time format for the Duration seen below to a format such as 1hr 2min 30 sec display.

richgalloway · ‎12-18-2019

If I understand the question correctly, you could replace

| eval dur = round((hh*3600) + (mm*60) + ss,2)
| eval dur = tostring(dur,"duration")

with

| eval dur = hh."hr ".mm."min "."ss."sec"

---
If this reply helps you, Karma would be appreciated.

harshparikhxlrd · ‎12-18-2019

Wow, that's exactly what the format. Thank you. Only thing is, if the hours is 0, I wouldn't want the "0" hours to show. Is there any kind of conditional logic we could use for that.

So, instead of showing 0hrs 55 min 30 sec, show 55 min 30 sec, without the 0. And if the hours are more than 1 hour, then display it as such.

harshparikhxlrd · ‎12-18-2019

Also slight correction to your post. But yeah, replacing those 2 lines of code with this works.

| eval dur = hh."hr ".mm."min ".ss."sec"

richgalloway · ‎12-18-2019

Try this.

| eval dur = hh."hr ".mm."min ".ss."sec" 
| rex field=dur mode=sed "s/0hr (.*)/\1/"

---
If this reply helps you, Karma would be appreciated.

Convert HR:MIN:SEC format to 1hr:2min:3sec format

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest