How to covert Duration in String to seconds?

smaran06 · ‎07-18-2022

Hi Team,

I have time in below two formats and I want to convert them to minutes. How can I do this

Format 1

1 Hour
10 Hours 47 Minutes
1 Day 5 Hours 15 Minutes
45 Minutes

Format 2

00:00:00
00:09:00
22:30:00

ITWhisperer · ‎07-18-2022

| rex field=format1 "((?<days>\d+)\sDays?\s?)?((?<hours>\d+)\sHours?\s?)?((?<minutes>\d+)\sMinutes?\s?)?"
| rex field=format2 "(?<hours>\d+):(?<minutes>\d+):(?<seconds>\d+)"
| fillnull value=0 days hours minutes seconds
| eval totalSeconds=((((days*24)+hours)*60)+minutes)*60+seconds
| eval totalMinutes=totalSeconds/60

smaran06 · ‎07-18-2022

Thanks for the reply

Can you please explain how its working

ITWhisperer · ‎07-18-2022

The rex commands extract days, hours, minutes and seconds from the two different formats

https://regex101.com/r/QM6IX2/1 for format 1

https://regex101.com/r/YM3kzH/1 for format 2

The explanation shows what the regex string does, but essentially format 1 uses the time units as anchors to find the corresponding value - since some parts appear to be optional, this is also taken into account.

Roy_9 · ‎07-18-2022

@smaran06 Please refer to the below link to convert time into minutes or seconds.

https://docs.splunk.com/Documentation/Splunk/9.0.0/SearchReference/Convert

Thanks

How to covert Duration in String to seconds?

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

How to covert Duration in String to seconds?

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!