Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to calculate working hours between start and end DateTime

kenchisho
Path Finder
‎08-02-2012 08:00 AM

I am trying to build a working hours report with splunk...

I have a start date and an end date like so:

start_time
2012-07-03 12:56:07

end_time
2012-07-14 16:30:22

calculating calendar hours is simple but how do i get working hours?

any ideas?

Tags (1)
0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎08-05-2012 09:48 AM

you can convert your time to epochtime, ft not already done or use the splunk timestamp (in _time as epoch time)
if you want other time calculations, use eval.

see http://docs.splunk.com/Documentation/Splunk/4.3.3/SearchReference/Convert

mysearch_for_my_task 
| convert timeformat="%Y-%M-%d %H:%M:%S" start_second=mktime(start_time) AS start_second
| convert timeformat="%Y-%M-%d %H:%M:%S" start_second=mktime(end_time) AS end_second
| eval duration_second=end_second-start_second
| eval duration_hour=round(duration_second/360,0)
| table duration_hour

if the timestamp is the timestamp of the event, you can try a transaction



mysearch | transaction mycommonfield startswith="keyword1" endswith="keyword2" 

| table mycommonfield _time duration

or use stats


mysearch | stats first(_time) AS recent last(_time) AS oldest by mycommonfield 

| eval duration_second=recent-oldest 

| eval duration_second=end_second-start_second

| eval duration_hour=round(duration_second/360,0)

| table mycommonfield duration_hour

0 Karma
Reply

kenchisho
Path Finder
‎08-03-2012 02:20 AM

well the number of working hours between the start_time and end_time

for example i start working on a task at 09:00 AM on monday and finish at 13:00 PM on wednesday... i wish to count the number of working hours on the task...

0 Karma
Reply

Ayn
Legend
‎08-02-2012 10:01 AM

What do you mean by "calculating" hours?

0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...