I have to take response time from given 12/07/2016 07:36:49 :: :: 090A24936 Req. : 07:36:49:450 --- 090A24936 Reply : 07:36:49:872
event. can anyone help on this?
Try this
base search | rex "Req.*\s(?<start>\d+:\d+:\d+:\d+)[\s\S]+\s(?<end>\d+:\d+:\d+:\d+)" | eval start=strptime(start, "%H:"%M:"%S.%3N") | eval end=strptime(end, "%H:"%M:"%S.%3N") | eval duration=end-start | eval duration=tostring(duration, "duration")