Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to calculate the difference between two dates?

marceldera
Explorer
‎09-01-2022 10:53 AM

I have 2 dates

first_found: 2022-08-23T21:08:54.808Z

last_fixed:2022-08-30T12:56:58.860Z

I am trying to calculate the difference in days between (first-found - last_fixed) and dump the result in a new field called "remediation_days"

 

0 Karma
Reply

marceldera
Explorer
‎09-01-2022 12:52 PM

It works, however the results come back like this. 2419200.000000 even after i do the division.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-01-2022 11:28 AM

Dates can only be compared/calculated in integer (epoch) form.

| eval remediation_days = (strptime(last_fixed, "%Y-%m-%dT%H:%M:%S.%3N%Z") - strptime(first_found, "%Y-%m-%dT%H:%M:%S.%3N%Z") / 86400)
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-01-2022 01:01 PM

Parens error on my part.

| eval remediation_days = (strptime(last_fixed, "%Y-%m-%dT%H:%M:%S.%3N%Z") - strptime(first_found, "%Y-%m-%dT%H:%M:%S.%3N%Z")) / 86400

There's also this alternative.

 

| eval remediation_secs = strptime(last_fixed, "%Y-%m-%dT%H:%M:%S.%3N%Z") - strptime(first_found, "%Y-%m-%dT%H:%M:%S.%3N%Z")
| eval remediation_days = round(remediation_secs / 86400, 2)

 

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...