Solved: How to get the duration in the format HH:MM:SS bet...

shariinPH · ‎04-14-2015

hello guys,

I have two extracted fields which are DateTimeStart and DateTimeEnd
So I get the minimum time started and the maximum time ended by the field jobname

|stats min(DateTimeStart) as DateTimeStart max(DateTimeEnd) as DateTimeEnd by jobname

For example:
My min time for start is DateTimeStart: 03/24/2015 06:00:35
and for the max end time i have here DateTimeEnd: 03/24/2015 06:15:03

So my question is, how to get the duration and with the format Hours:Minutes:Seconds

Thanks guys :">

shariinPH · ‎04-14-2015

i already figured it out.

|convert mktime(DateTimeStart) as dtstart mktime(DateTimeEnd) as dtend
|eval dur=(dtend-dtstart)
|eval myduration=tostring(dur,"duration")

hope this helps you as well! 🙂
Cheers!

View solution in original post

shariinPH · ‎04-14-2015

i already figured it out.

|convert mktime(DateTimeStart) as dtstart mktime(DateTimeEnd) as dtend
|eval dur=(dtend-dtstart)
|eval myduration=tostring(dur,"duration")

hope this helps you as well! 🙂
Cheers!

How to get the duration in the format HH:MM:SS between two extracted fields (DateTimeStart and DateTimeEnd)?

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio