Solved: How to convert seconds to milliseconds by strippin...

raghul725 · ‎03-08-2023

Hello,

I am performing the following search to extract the time taken to upload

index=* my_search |rex "\[upload\] executed in (?<ut>\d+\w+)"

the above extracts values like 343ms, 8s30ms, 11s404ms

How would I extract the seconds portion, convert it into ms and add it to ms so that I can get the upload time always in ms please?

richgalloway · ‎03-08-2023

As with many things Splunk, there's probably more than one way to do that. I like rex for it. Use a regular expression to extract the s and ms values then use eval for the math.

index=* my_search
| rex "\[upload\] executed in (?<ut>\d+\w+)"
| rex field=ut "(?:(?<sec>\d+)s)?(?<ms>\d+)ms"
``` Convert null to zero ```
| eval sec = if(isnull(sec), 0, sec)
| eval ms = (sec*1000) + ms

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎03-08-2023

As with many things Splunk, there's probably more than one way to do that. I like rex for it. Use a regular expression to extract the s and ms values then use eval for the math.

index=* my_search
| rex "\[upload\] executed in (?<ut>\d+\w+)"
| rex field=ut "(?:(?<sec>\d+)s)?(?<ms>\d+)ms"
``` Convert null to zero ```
| eval sec = if(isnull(sec), 0, sec)
| eval ms = (sec*1000) + ms

---
If this reply helps you, Karma would be appreciated.

raghul725 · ‎03-09-2023

Brilliant thank you very much

How to convert seconds to milliseconds by stripping out seconds and then add it to milliseconds?

eval

Best Strategies to Optimize Observability Costs

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...