Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to find the difference between two dates/times and add a new column to a table to show the difference?

harish_ka
Communicator
‎12-22-2014 05:19 AM

i have a query as below...

search 1|join type=left [search2]

the query returns the following fields...

place | ABC |XYZ |dateofSearch1|PQR |dateofSearch2

aaaa | acc | det | 2014/1/2 01:48:01 CST | eee | 2014/11/27 01:48:01 CST

i want to find the difference of date/time of dateofSearch1 and dateofSearch2... and add a new column to show the difference..

Can anyone help me to do this....

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

kml_uvce
Builder
‎12-22-2014 05:38 AM

try this

search 1 | join type=left [search2] | eval diffTime=dateofSearch2 - dateofSearch1
kamal singh bisht

View solution in original post

Reply
Solved! Jump to solution
Solution

kml_uvce
Builder
‎12-22-2014 05:38 AM

try this

search 1 | join type=left [search2] | eval diffTime=dateofSearch2 - dateofSearch1
kamal singh bisht
Reply
Solved! Jump to solution

harish_ka
Communicator
‎12-23-2014 03:43 AM

Worked with few modifications in my query...

eval diffTime=strptime(dateofSearch2, "%Y/%m/%d %H:%M:%S")-strptime(dateofSearch1, "%Y/%m/%d %H:%M:%S")
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...