Solved: How to convert seconds to milliseconds by strippin...

raghul725 · ‎03-08-2023

Hello,

I am performing the following search to extract the time taken to upload

index=* my_search |rex "\[upload\] executed in (?<ut>\d+\w+)"

the above extracts values like 343ms, 8s30ms, 11s404ms

How would I extract the seconds portion, convert it into ms and add it to ms so that I can get the upload time always in ms please?

richgalloway · ‎03-08-2023

As with many things Splunk, there's probably more than one way to do that. I like rex for it. Use a regular expression to extract the s and ms values then use eval for the math.

index=* my_search
| rex "\[upload\] executed in (?<ut>\d+\w+)"
| rex field=ut "(?:(?<sec>\d+)s)?(?<ms>\d+)ms"
``` Convert null to zero ```
| eval sec = if(isnull(sec), 0, sec)
| eval ms = (sec*1000) + ms

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎03-08-2023

As with many things Splunk, there's probably more than one way to do that. I like rex for it. Use a regular expression to extract the s and ms values then use eval for the math.

index=* my_search
| rex "\[upload\] executed in (?<ut>\d+\w+)"
| rex field=ut "(?:(?<sec>\d+)s)?(?<ms>\d+)ms"
``` Convert null to zero ```
| eval sec = if(isnull(sec), 0, sec)
| eval ms = (sec*1000) + ms

---
If this reply helps you, Karma would be appreciated.

raghul725 · ‎03-09-2023

Brilliant thank you very much

How to convert seconds to milliseconds by stripping out seconds and then add it to milliseconds?

eval

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk