Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can i calculate datetime Difference between two datetime values.

abhishekgupta61
Engager
‎05-03-2018 02:19 AM

Begin date - 2018-05-02 22:00:23.235371
End Date - 2018-05-02 22:01:33.815546

Expected Result should be - 70

Tags (1)
0 Karma
Reply

xpac
SplunkTrust
SplunkTrust
‎05-03-2018 08:20 AM

Hey, try this:

| makeresults
| eval begin="2018-05-02 22:00:23.235371"
| eval end="2018-05-02 22:01:33.815546"
| eval begin_epoch=strptime(begin, "%Y-%m-%d %H:%M:%S")
| eval end_epoch=strptime(end, "%Y-%m-%d %H:%M:%S")
| eval diff=end_epoch-begin_epoch

The field diff will then contain the difference between the two. I left out the milliseconds on purpose, because you said you expected "70" as a result.

Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. 🙂

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...