Solved: How to get total number of hours elapsed from last...

sjs · ‎01-22-2023

Hey people,

I want to find out the total number of hours that elapsed from the last event raised.

This is what I was doing previously:

| stats latest(_time) as last_log_time  | eval timeElapsedSinceLastLog=tostring(now() - last_log_time) | fieldformat timeElapsedSinceLastLog = strftime(timeElapsedSinceLastLog, "%H:%M:%S") |fields timeElapsedSinceLastLog

this gives me

But it has been more than a week, since the last event raised

I am also happy, if I could get number of days elapsed with time(if days < 1) as well.

manjunathmeti · ‎01-22-2023

hi @sjs ,

You can divide the elapsed time with 86400 to get the number of days, try this:

| stats latest(_time) as last_log_time 
| eval timeElapsedSinceLastLog=now() - last_log_time, days=round(timeElapsedSinceLastLog/86400, 0) 
| eval timeElapsedSinceLastLog = strftime(timeElapsedSinceLastLog, "%H:%M:%S") 
| eval timeElapsedSinceLastLog=if(days > 0, days." days, ".timeElapsedSinceLastLog, timeElapsedSinceLastLog) 
| fields timeElapsedSinceLastLog

View solution in original post

manjunathmeti · ‎01-22-2023

hi @sjs ,

You can divide the elapsed time with 86400 to get the number of days, try this:

| stats latest(_time) as last_log_time 
| eval timeElapsedSinceLastLog=now() - last_log_time, days=round(timeElapsedSinceLastLog/86400, 0) 
| eval timeElapsedSinceLastLog = strftime(timeElapsedSinceLastLog, "%H:%M:%S") 
| eval timeElapsedSinceLastLog=if(days > 0, days." days, ".timeElapsedSinceLastLog, timeElapsedSinceLastLog) 
| fields timeElapsedSinceLastLog

How to get total number of hours elapsed from last event raised till now()?

stats

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk

Modern way of developing distributed application using OTel