I am trying to calculate difference between two dates including seconds. But i am unable to find any logs.
Please help
My query
index=main source="https://test.ticketing-tool.com/" dv_state=* dv_priority="4 - Low" number=SIR0010241 | dedup number |eval startTime=strptime(dv_opened_at,"%Y-%m-%d %H:%M:%S:%3N")
|eval endTime=strptime(dv_sys_updated_on,"%Y-%m-%d %H:%M:%S:%3N")
|eval TimeDiff=tostring((endTime-startTime),"duration")
|table dv_opened_at dv_sys_updated_on TimeDiff, number
@soutamo @ITWhisperer @gcusello @thambisetty @bowesmana @DalJeanis
Hi @alexspunkshell,
check the format of your dates: you didn't shared a sample of your logs but, viewing your screenshot, it seems that the format isn't the one you used, but
%Y-%m-%d %H:%M:%S
If you share a sample I could be more detailed.
Ciao.
Giuseppe
I changed the format of Date, Month, Year and i am getting the result now. Thanks
Hi @alexspunkshell,
good for you.
ciao and happy splunking.
Giuseppe
P.S.: Karma Points are appreciated by all the contributors 😉
index=main source="https://test.ticketing-tool.com/" dv_state=* dv_priority="4 - Low" number=SIR0010241 | dedup number |eval startTime=strptime(dv_opened_at,"%Y/%m/%d %H:%M:%S")
|eval endTime=strptime(dv_sys_updated_on,"%Y/%m/%d %H:%M:%S")
|eval TimeDiff=tostring((endTime-startTime),"duration")
|table dv_opened_at dv_sys_updated_on TimeDiff, number
Hi @alexspunkshell,
check the format of your dates: you didn't shared a sample of your logs but, viewing your screenshot, it seems that the format isn't the one you used, but
%Y-%m-%d %H:%M:%S
If you share a sample I could be more detailed.
Ciao.
Giuseppe