How to find event timestamp duration with respect ...

Abhineet · ‎04-17-2023

We have splunk event having field "eventdateTime" in format mentioned below.

for example

eventdateTime

2023-04-17 06:45:55,405

2023-04-17 06:45:52,599

2023-04-17 06:45:52,446

2023-04-17 06:45:52,208

We want to create new field "duration" that will give difference of "eventdateTime" value with current date time value in Minute seconds format i.e( duration = 4Min:10.256Sec)

For Example:

eventdateTime = 22023-04-17 06:51:19,950

current date time = 2023-04-17 06:53:39,000

duration = 2Min:19.050Sec

woodcock · ‎04-17-2023

| eval duration=now()-strptime(eventdateTime,"%F %T,%3N")
| fieldformat duration=tostring(duration ,"duration")

ITWhisperer · ‎04-17-2023

| eval duration=tostring(now()-strptime(eventdateTime,"%F %T,%3N"),"duration")

How to find event timestamp duration with respect to current time in minute and seconds?

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Are you a member of the Splunk Community?

How to find event timestamp duration with respect to current time in minute and seconds?

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025