Solved: Duration of a single event

CarmineCalo · ‎01-29-2018

Splunkers!

I need to compute the duration of a event, as the difference between the two field (END_TIME and OPEN_TIME).
Time format of END_TIME and OPEN_TIME is the following: 2017-12-31-20.01.37.000000

Code is the following:

| eval END_INC=strptime(CLOSE_TIME, "%b %d %Y %H.%M.%S.%3N%P"), BEG_INC=strptime(OPEN_TIME, "%b %d %Y %H.%M.%S.%3N%P")
| eval duration=END_INC - BEG_INC

Not clear how to set parameters in strptime.

Any help?

Tks!
Carmine

Ayn · ‎01-29-2018

A reference on variables you can use when parsing timestamps with strptime can be found in the docs here: http://docs.splunk.com/Documentation/Splunk/6.6.3/SearchReference/Commontimeformatvariables

In your case you want something like %Y-%m-%d-%H.%M.%S.%6N.

View solution in original post

Ayn · ‎01-29-2018

A reference on variables you can use when parsing timestamps with strptime can be found in the docs here: http://docs.splunk.com/Documentation/Splunk/6.6.3/SearchReference/Commontimeformatvariables

In your case you want something like %Y-%m-%d-%H.%M.%S.%6N.

CarmineCalo · ‎01-29-2018

Tks, it works!
Now I got how to use strptime.

Tks Again,
Carmine

MuS · ‎01-29-2018

Welcome back @Ayn ! It's been a long time 😉

cheers, MuS

PS: you should sign up for slack as well http://docs.splunk.com/Documentation/Community/1.0/community/Chat

Duration of a single event

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!