Find average time duration in hh:mm

ajmanish · ‎05-03-2021

I am trying to find the average time duration in hh:mm from the data in one column. Below is the search query which gives me data as below and I want the average time duration in hh:mm like average time duration of a column is 01:22 or whatever the value is.

I tried looking for the same articles but nothing seem to work.
Any help would be greatly appreciated. Thank you

search month="Apr,2021" | stats count by "TotalTimeTaken (hh:MM)" |

"TotalTimeTaken (hh:MM)"
00:24
01:44
02:23
00:54

s2_splunk · ‎05-03-2021

This should get you started:

| makeresults 
| eval n="00:24 01:44 02:23 00:54" 
| makemv delim=" " n 
| mvexpand n 
| eval hhmm = substr("00:00:00",1,8-len(n)).n 
| convert dur2sec(hhmm) as seconds 
| stats avg(seconds) as avgsec 
| eval AvgDur = tostring(avgsec, "duration")

First four lines are generating test events from your example data. If you are fine with the average time in seconds, you can skip the last line.

Find average time duration in hh:mm

eval

fields

stats

timechart

tstats

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Join the Conversation

Find average time duration in hh:mm

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.