How to calculate working hours between start and e...

kenchisho · ‎08-02-2012

I am trying to build a working hours report with splunk...

I have a start date and an end date like so:

start_time
2012-07-03 12:56:07

end_time
2012-07-14 16:30:22

calculating calendar hours is simple but how do i get working hours?

any ideas?

yannK · ‎08-05-2012

you can convert your time to epochtime, ft not already done or use the splunk timestamp (in _time as epoch time)
if you want other time calculations, use eval.

see http://docs.splunk.com/Documentation/Splunk/4.3.3/SearchReference/Convert

mysearch_for_my_task 
| convert timeformat="%Y-%M-%d %H:%M:%S" start_second=mktime(start_time) AS start_second
| convert timeformat="%Y-%M-%d %H:%M:%S" start_second=mktime(end_time) AS end_second
| eval duration_second=end_second-start_second
| eval duration_hour=round(duration_second/360,0)
| table duration_hour

if the timestamp is the timestamp of the event, you can try a transaction



mysearch | transaction mycommonfield startswith="keyword1" endswith="keyword2" 

| table mycommonfield _time duration

or use stats



mysearch | stats first(_time) AS recent last(_time) AS oldest by mycommonfield 

| eval duration_second=recent-oldest 

| eval duration_second=end_second-start_second

| eval duration_hour=round(duration_second/360,0)

| table mycommonfield duration_hour

kenchisho · ‎08-03-2012

well the number of working hours between the start_time and end_time

for example i start working on a task at 09:00 AM on monday and finish at 13:00 PM on wednesday... i wish to count the number of working hours on the task...

Ayn · ‎08-02-2012

What do you mean by "calculating" hours?

How to calculate working hours between start and end DateTime

Enterprise Security Content Update (ESCU) | New Releases

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...