Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I extract 2 timestamps from the same line

bsteph
Explorer
‎08-17-2012 09:16 AM

I want to chart multiple jobs that start and end at different times by time period. How do I extract the start and end time for a job and chart which jobs were running at a specified time. In this example, I have multiple jobs starting in a 1 hour interval, but ending at different times the first timestamp is the jobs start time and the second is the jobs endtime:

12/08/16.00:08:15 12/08/16.00:08:17 job1
12/08/16.00:08:15 12/08/16.00:08:17 job2
12/08/16.00:07:49 12/08/16.00:08:44 job3
12/08/16.00:08:55 12/08/16.00:08:55 job4
12/08/16.00:08:31 12/08/16.00:09:00 job5
12/08/16.00:09:05 12/08/16.00:09:06 job6
12/08/16.00:09:15 12/08/16.00:09:15 job7
12/08/16.00:07:06 12/08/16.00:09:17 job8
12/08/16.00:09:25 12/08/16.00:09:25 job9
12/08/16.00:08:50 12/08/16.00:09:26 job10
12/08/16.00:09:40 12/08/16.00:09:42 job11
12/08/16.00:09:44 12/08/16.00:09:44 job 12

Tags (1)
Reply
1 Solution
Solved! Jump to solution

bsteph
Explorer
‎08-17-2012 06:11 PM

That was great. It lead me to this:
source="startjob.log" |eval stime=strptime(start_timestamp,"%y/%m/%d.%H:%M:%S") |eval etime=strptime(end_timestamp,"%y/%m/%d.%H:%M:%S")| stats min(stime) as begin max(etime) as end by job_name| eval duration = end - begin| eval dur=duration|fieldformat duration=tostring(duration,"duration")| fields - stime etime
| eval begin=strftime(begin,"%m/%d/%Y %H:%M:%S") | eval end=strftime(end,"%m/%d/%Y %H:%M:%S")

0 Karma
Reply
Get Updates on the Splunk Community!

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...