Splunk Search

How to covert Duration in String to seconds?

smaran06
Path Finder

Hi Team,

I have time in below two  formats and I want to convert them to minutes. How can I do this

Format 1

  • 1 Hour
  • 10 Hours 47 Minutes
  • 1 Day 5 Hours 15 Minutes
  • 45 Minutes

Format 2

  •  00:00:00
  • 00:09:00
  • 22:30:00
Tags (1)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust
| rex field=format1 "((?<days>\d+)\sDays?\s?)?((?<hours>\d+)\sHours?\s?)?((?<minutes>\d+)\sMinutes?\s?)?"
| rex field=format2 "(?<hours>\d+):(?<minutes>\d+):(?<seconds>\d+)"
| fillnull value=0 days hours minutes seconds
| eval totalSeconds=((((days*24)+hours)*60)+minutes)*60+seconds
| eval totalMinutes=totalSeconds/60
0 Karma

smaran06
Path Finder

Thanks for the reply

Can you please explain how its working

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

The rex commands extract days, hours, minutes and seconds from the two different formats

https://regex101.com/r/QM6IX2/1 for format 1

https://regex101.com/r/YM3kzH/1 for format 2

The explanation shows what the regex string does, but essentially format 1 uses the time units as anchors to find the corresponding value - since some parts appear to be optional, this is also taken into account.

0 Karma

Roy_9
Motivator

@smaran06 Please refer to the below link to convert time into minutes or seconds.

https://docs.splunk.com/Documentation/Splunk/9.0.0/SearchReference/Convert

 

Thanks

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...