How to find event timestamp duration with respect ...

Abhineet · ‎04-17-2023

We have splunk event having field "eventdateTime" in format mentioned below.

for example

eventdateTime

2023-04-17 06:45:55,405

2023-04-17 06:45:52,599

2023-04-17 06:45:52,446

2023-04-17 06:45:52,208

We want to create new field "duration" that will give difference of "eventdateTime" value with current date time value in Minute seconds format i.e( duration = 4Min:10.256Sec)

For Example:

eventdateTime = 22023-04-17 06:51:19,950

current date time = 2023-04-17 06:53:39,000

duration = 2Min:19.050Sec

woodcock · ‎04-17-2023

| eval duration=now()-strptime(eventdateTime,"%F %T,%3N")
| fieldformat duration=tostring(duration ,"duration")

ITWhisperer · ‎04-17-2023

| eval duration=tostring(now()-strptime(eventdateTime,"%F %T,%3N"),"duration")

How to find event timestamp duration with respect to current time in minute and seconds?

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Are you a member of the Splunk Community?

How to find event timestamp duration with respect to current time in minute and seconds?

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI