Find average time duration in hh:mm

ajmanish · ‎05-03-2021

I am trying to find the average time duration in hh:mm from the data in one column. Below is the search query which gives me data as below and I want the average time duration in hh:mm like average time duration of a column is 01:22 or whatever the value is.

I tried looking for the same articles but nothing seem to work.
Any help would be greatly appreciated. Thank you

search month="Apr,2021" | stats count by "TotalTimeTaken (hh:MM)" |

"TotalTimeTaken (hh:MM)"
00:24
01:44
02:23
00:54

s2_splunk · ‎05-03-2021

This should get you started:

| makeresults 
| eval n="00:24 01:44 02:23 00:54" 
| makemv delim=" " n 
| mvexpand n 
| eval hhmm = substr("00:00:00",1,8-len(n)).n 
| convert dur2sec(hhmm) as seconds 
| stats avg(seconds) as avgsec 
| eval AvgDur = tostring(avgsec, "duration")

First four lines are generating test events from your example data. If you are fine with the average time in seconds, you can skip the last line.

Find average time duration in hh:mm

eval

fields

stats

timechart

tstats

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Accelerating Observability as Code with the Splunk AI Assistant

Join the Conversation

Find average time duration in hh:mm