Splunk Search

Convert Seconds to Days

Path Finder

This search:

index=perfstats host=hostname | chart max(SystemUpTime) as "System Uptime" by host

Outputs a value such as this:

85486.676230500001

Just trying to convert this value in seconds to days.

Thanks. Looked at different posts, but can't seem to convert it effectively.

Tags (2)
0 Karma

Influencer

All that you need is an eval command to do the math and store in a new field

index=perfstats host=hostname | eval UptimeDays = SystemUpTime/86400 | chart max(UptimeDays) as "System Uptime" by host

0 Karma

SplunkTrust
SplunkTrust

The tostring() takes seconds, you've fed it with days. Pick only one way of conversion, not both at once.

0 Karma

Path Finder

Tried to ensure I'm not using multiple conversions at once by using these two searches:

index=perfstats host=hostname | eval UptimeDays = SystemUpTime | chart max(UptimeDays) as "System Uptime" by host | eval System Uptime = tostring('System Uptime', "duration")

index=perfstats host=hostname | chart max(Uptime_Days) as "System Uptime" by host | eval System Uptime = tostring('System Uptime', "duration")

No data found on both. Just an FYI, no need to reply if you don't want. The initial reply is good.

0 Karma

SplunkTrust
SplunkTrust

Another neat thing is this after the chart:

... | eval System Uptime = tostring('System Uptime', "duration")

That will provide a readable string with days, hours, minutes, ...

Path Finder

you mean like this?

index=perfstats host=hostname | eval UptimeDays = SystemUpTime/86400 | chart max(UptimeDays) as "System Uptime" by host | eval System Uptime = tostring('System Uptime', "duration")

I get data like this

00:00:17.723748506149999

Thanks

0 Karma

Path Finder

Thanks very much.

0 Karma