Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to calculate working hours between start and end DateTime

kenchisho
Path Finder
‎08-02-2012 08:00 AM

I am trying to build a working hours report with splunk...

I have a start date and an end date like so:

start_time
2012-07-03 12:56:07

end_time
2012-07-14 16:30:22

calculating calendar hours is simple but how do i get working hours?

any ideas?

Tags (1)
0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎08-05-2012 09:48 AM

you can convert your time to epochtime, ft not already done or use the splunk timestamp (in _time as epoch time)
if you want other time calculations, use eval.

see http://docs.splunk.com/Documentation/Splunk/4.3.3/SearchReference/Convert

mysearch_for_my_task 
| convert timeformat="%Y-%M-%d %H:%M:%S" start_second=mktime(start_time) AS start_second
| convert timeformat="%Y-%M-%d %H:%M:%S" start_second=mktime(end_time) AS end_second
| eval duration_second=end_second-start_second
| eval duration_hour=round(duration_second/360,0)
| table duration_hour

if the timestamp is the timestamp of the event, you can try a transaction



mysearch | transaction mycommonfield startswith="keyword1" endswith="keyword2" 

| table mycommonfield _time duration

or use stats


mysearch | stats first(_time) AS recent last(_time) AS oldest by mycommonfield 

| eval duration_second=recent-oldest 

| eval duration_second=end_second-start_second

| eval duration_hour=round(duration_second/360,0)

| table mycommonfield duration_hour

0 Karma
Reply

kenchisho
Path Finder
‎08-03-2012 02:20 AM

well the number of working hours between the start_time and end_time

for example i start working on a task at 09:00 AM on monday and finish at 13:00 PM on wednesday... i wish to count the number of working hours on the task...

0 Karma
Reply

Ayn
Legend
‎08-02-2012 10:01 AM

What do you mean by "calculating" hours?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...