Find average time duration in hh:mm

ajmanish · ‎05-03-2021

I am trying to find the average time duration in hh:mm from the data in one column. Below is the search query which gives me data as below and I want the average time duration in hh:mm like average time duration of a column is 01:22 or whatever the value is.

I tried looking for the same articles but nothing seem to work.
Any help would be greatly appreciated. Thank you

search month="Apr,2021" | stats count by "TotalTimeTaken (hh:MM)" |

"TotalTimeTaken (hh:MM)"
00:24
01:44
02:23
00:54

s2_splunk · ‎05-03-2021

This should get you started:

| makeresults 
| eval n="00:24 01:44 02:23 00:54" 
| makemv delim=" " n 
| mvexpand n 
| eval hhmm = substr("00:00:00",1,8-len(n)).n 
| convert dur2sec(hhmm) as seconds 
| stats avg(seconds) as avgsec 
| eval AvgDur = tostring(avgsec, "duration")

First four lines are generating test events from your example data. If you are fine with the average time in seconds, you can skip the last line.

Find average time duration in hh:mm

eval

fields

stats

timechart

tstats

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation

Find average time duration in hh:mm

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.