Re: Need to convert Duration field in sec to day H...

Abhineet · ‎07-08-2022

Base query:

index=jenkins* teamcenter
|search event_tag=job_event
|search build_url=*TC_Active*
|where isnotnull(job_duration)
|rex field=job_name "(?<app>[^\.]*)\/(?<repo>[^\.]*)\/(?<jobname>[^\.].*)"
|rex field=metadata.GIT_BRANCH_NAME "(?<branch>.*)"
|rex field=user "(?<user>[^\.]*)"
|search app="*" AND repo="*" AND jobname="*" AND branch="*" AND user="*"
| eval string_dur = tostring(round(job_duration), "duration")
| eval formatted_dur = replace(string_dur,"(?:(\d+)\+)?0?(\d+):0?(\d+):0?(\d+)","\1d \2h \3m \4s")
|rename job_started_at AS DateTime app AS Repository branch AS Branch jobname AS JobName job_result AS Job_Result formatted_dur AS Job_Duration "stages{}.name" AS "Stage View" "stages{}.duration" AS Duration
|table DateTime Repository Branch JobName Job_Result Job_Duration "Stage View" Duration

Output:

DateTime Repository Branch JobName Job_Result Job_Duration Stage View Duration

2022-07-07T11:47:39Z	TeamCenter/TC_Active/TCUA_Builds	release/ALM_TC15.5	AMAT_Key_Part_Family_Extraction	SUCCESS	d 0h 15m 35s	Preparation Sonar Analysis Build Save Artifacts	108.817 419.698 15.819 376.698
2022-07-07T17:14:49Z	TeamCenter/TC_Active/Portal	release/ALM_TC15.5	com.amat.rac	SUCCESS	d 0h 25m 49s	Preparation Sonar Analysis Build Save Artifacts	105.014 1309.388 29.486 101.647

Need to add another column in output "stage_duration" which will convert "Duration" field value in "Day Hr Min Sec" format.

gcusello · ‎07-08-2022

Hi @Abhineet,

let me understand: you have a field, called "stage_duration" that contains a duration expressed in seconds and you want to rename it in "Duration" and display in format days, hours, minutes, seconds, is it correct?

Sorry but I don't understand why at the end of your servs you don't add:

| eval Duration=tostring(stage_duration,"duration")

Ciao.

Giuseppe

Abhineet · ‎07-08-2022

Hi @gcusello

We have field "Duration" in output sent previously as image.

Want to convert all "Duration " field value into "day Hr Min Sec" format as field "Stage_Duration".

For single event we have multiple "Duration" field Value as per "Stage View" field mentioned in below mentioned sample output image.

gcusello · ‎07-08-2022

Hi @Abhineet,

viewing your screenshot, I see that Duration is a multivalue field so the tostring option doesn't run.

Ciao.

Giuseppe

Abhineet · ‎07-08-2022

Hi @gcusello

That's correct, how we can format the value of "Duration" field in "HH:MM:SS" format?

Abhineet · ‎07-08-2022

Formatted Output for query inserted as image.

gcusello · ‎07-08-2022

Hi @Abhineet,

why don't you use for these fields the "tostring" option that you already used?

Ciao.

Giuseppe

Abhineet · ‎07-08-2022

HI @gcusello

That is not working as in single event have multiple stages and those stages duration need to format.

How do I convert Duration field in sec to day Hr Min Sec?

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Are you a member of the Splunk Community?

How do I convert Duration field in sec to day Hr Min Sec?

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console