Solved: Re: How to convert string time to seconds

sashib · ‎07-12-2021

I have a TimeField with data format is like 4 Days 14 Hours 40 Minutes and sometimes 7 Hours 40 Minutes

TimeField

4 Days 14 Hours 40 Minutes

7 Hours 40 Minutes

40 Minutes

I want to convert this field values into seconds so that i can sort my data based on time.

Thanks!

kamlesh_vaghela · ‎07-13-2021

@sashib

Can you please try this?

YOOUR_SEARCH
| rex field=TimeField "(((?<Days>\d.*)\sDays\s)?(?<Hours>\d.*)\sHours\s)?(?<Minutes>\d.*)\sMinutes"
| fillnull value=0
| eval secs=(Days*86400)+(Hours*3600)+(Minutes*60)

My Sample Search :

| makeresults
| eval _raw="TimeField
4 Days 14 Hours 40 Minutes
7 Hours 40 Minutes
40 Minutes"
| multikv forceheader=1
| rex field=TimeField "(((?<Days>\d.*)\sDays\s)?(?<Hours>\d.*)\sHours\s)?(?<Minutes>\d.*)\sMinutes"
| fillnull value=0
| eval secs=(Days*86400)+(Hours*3600)+(Minutes*60)

Thanks
KV
▄︻̷̿┻̿═━一

If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.

View solution in original post

kamlesh_vaghela · ‎07-13-2021

@sashib

Can you please try this?

YOOUR_SEARCH
| rex field=TimeField "(((?<Days>\d.*)\sDays\s)?(?<Hours>\d.*)\sHours\s)?(?<Minutes>\d.*)\sMinutes"
| fillnull value=0
| eval secs=(Days*86400)+(Hours*3600)+(Minutes*60)

My Sample Search :

| makeresults
| eval _raw="TimeField
4 Days 14 Hours 40 Minutes
7 Hours 40 Minutes
40 Minutes"
| multikv forceheader=1
| rex field=TimeField "(((?<Days>\d.*)\sDays\s)?(?<Hours>\d.*)\sHours\s)?(?<Minutes>\d.*)\sMinutes"
| fillnull value=0
| eval secs=(Days*86400)+(Hours*3600)+(Minutes*60)

Thanks
KV
▄︻̷̿┻̿═━一

If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.

sashib · ‎07-13-2021

@bowesmana

I tried your suggestion,

TimeField	days	hours	minutes	secs
4 Days 14 Hours 40 Minutes	4	0	0	345600
6 Hours 20 Minutes	0	6	0	21600

for the first entry giving only days

and for second entry its giving only hours

Thank you!

bowesmana · ‎07-12-2021

This search sets up your data example then calculates the seconds.

See from the rex statement onwards

| makeresults
| eval _raw="TimeField
4 Days 14 Hours 40 Minutes
7 Hours 40 Minutes
40 Minutes"
| multikv forceheader=1
| table TimeField
| mvexpand TimeField
| rex field=TimeField "((?<days>\d+) Days)?\s*?((?<hours>\d+) Hours)?\s*?((?<minutes>\d+) Minutes)?"
| fillnull value=0
| eval secs=(days*86400)+(hours*3600)+(minutes*60)

How to convert string time to seconds

field extraction

fields

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join the Conversation