Splunk Search

How to convert large epoch time to hours minutes and seconds ?

patra966
Explorer

I want to get the result of large epoch time to hours minutes and seconds.

Ex: Epoch time : 9386717.000000
Hours minutes seconds: 2607:25:17

How can I get the result?

Thanks in Advance.

0 Karma
1 Solution

vnravikumar
Champion

Hi

Check this

| makeresults 
| eval total_seconds="9386717.000000" 
| eval temp =tostring(total_seconds, "duration") 
| rex field=temp "((?<days>^[^+]+)\+){0,1}(?P<hour>[^:]+):(?P<minutes>[^:]+):(?P<seconds>[^.]+)" 
| eval day_to_hour=if(days>0,days*24+hour,days) 
| eval output=if(days>0,day_to_hour.":".minutes.":".seconds,hour.":".minutes.":".seconds) 
| table output

View solution in original post

to4kawa
Ultra Champion
| makeresults 
| eval total_seconds="9386717.000000" 
| eval Hours=floor(total_seconds / 60 /60), Minutes=floor((total_seconds%Hours)/60), Seconds=floor(total_seconds % 60)

How to convert large epoch time to hours minutes and seconds ?
→ How to convert huge seconds to hours minutes and seconds?

0 Karma

vnravikumar
Champion

Hi

Check this

| makeresults 
| eval total_seconds="9386717.000000" 
| eval temp =tostring(total_seconds, "duration") 
| rex field=temp "((?<days>^[^+]+)\+){0,1}(?P<hour>[^:]+):(?P<minutes>[^:]+):(?P<seconds>[^.]+)" 
| eval day_to_hour=if(days>0,days*24+hour,days) 
| eval output=if(days>0,day_to_hour.":".minutes.":".seconds,hour.":".minutes.":".seconds) 
| table output

to4kawa
Ultra Champion

https://www.epochconverter.com/

your string is not epoch time, please check and correct your question.

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...