Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Convert seconds to MM:SS.ms

splunk_learner
Explorer
‎10-07-2013 04:43 AM

Hi
I am trying to convert seconds.milliseconds for ex 4.6566, 0.55,1.2 to Minutes:Second.milliseconds format
I tried tostring(time,duration) but it returns Days:hours:minutes:seconds
Please help

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
SplunkTrust
SplunkTrust
‎10-07-2013 05:00 AM

Hi splunk_learner

try something like this:

... | eval n=strftime(timeStr, "%M:%S.%N")

This example returns the minute, seconds and subseconds from the timeStr field.
See the docs on Commontimeformatvariables for more information on the time format.

update:

just learned that strptime is for time stamp parsing, where strftime is for time stamp formatting.

hope this helps...

cheers, MuS

View solution in original post

Reply
Solved! Jump to solution
Solution

MuS
SplunkTrust
SplunkTrust
‎10-07-2013 05:00 AM

Hi splunk_learner

try something like this:

... | eval n=strftime(timeStr, "%M:%S.%N")

This example returns the minute, seconds and subseconds from the timeStr field.
See the docs on Commontimeformatvariables for more information on the time format.

update:

just learned that strptime is for time stamp parsing, where strftime is for time stamp formatting.

hope this helps...

cheers, MuS

Reply
Solved! Jump to solution

twinspop
Influencer
‎10-07-2013 07:20 AM

MuS was right there, just one change: Use strftime instead of strptime.

| eval test=4.678 | eval str=strftime(test,"%M:%S.%N")

str returned as "00:04.678000000"

Reply
Solved! Jump to solution

MuS
SplunkTrust
SplunkTrust
‎10-07-2013 06:16 AM

a reverted convert mstime() would be the perfect match here

0 Karma
Reply
Solved! Jump to solution

sowings
Splunk Employee
Splunk Employee
‎10-07-2013 06:11 AM

The OP indicated that they have seconds.milli and wanted a nice human-readable string. Sounds like they want strftime (with caveats).

0 Karma
Reply
Solved! Jump to solution

MuS
SplunkTrust
SplunkTrust
‎10-07-2013 05:51 AM

no strftime takes epochtime as input as were strptime takes a time represented by a string....but now after some testing it looks like strptime isn't working either 😞

0 Karma
Reply
Solved! Jump to solution

sowings
Splunk Employee
Splunk Employee
‎10-07-2013 05:44 AM

Did you mean strftime? Also, the latter will interpret timestr as # of seconds since the Unix epoch. While for times < 1 hour (3600 sec) it works just fine, when you start showing the hour, it may deliver confusing results (e.g. in my time zone, I get "16:00:05.12" for an input of "5.12").

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...