Solved: How to turn string value into a time value to calc...

tonahoyos · ‎09-28-2018

Hello,

I have a log that when uploaded to SPLUNK this appears as a string even though it should be in time format. So, I have to convert this string into a time in order to calculate the difference between an end time and a start time. This is my code:

| eval StartTimestamp=strptime(StartTime,"%d/%m/%Y %H:%M:%S"), ActualTimestamp=strptime(ActualAlarmTime,"%d/%m/%Y %H:%M:%S") 
| eval ResponseTimestamp= (StartTimestamp-ActualTimestamp)
| stats avg(ResponseTimestamp) as ResponseTime

It is not creating any errors, but I am not sure if the answer is in seconds or in an epoch format. I would like to see the ResponseTime in a %H:%M:%S format.

Thanks!

Vijeta · ‎09-28-2018

You can convert the Response Timestamp into "%d/%m/%Y %H:%M:%S" format or just "%H:%M:%S" format using strftime

eval ResponseTime=strftime(ResponseTime,"%d/%m/%Y %H:%M:%S")

Or you can use

eval ResponseTime=strftime(ResponseTime,"%H:%M:%S")

View solution in original post

493669 · ‎09-28-2018

Try below-
it will convert epoch time in seconds into required readable format using strftime

|eval ResponseTimestamp=strftime(ResponseTimestamp,"%H:%M:%S")

Vijeta · ‎09-28-2018

You can convert the Response Timestamp into "%d/%m/%Y %H:%M:%S" format or just "%H:%M:%S" format using strftime

eval ResponseTime=strftime(ResponseTime,"%d/%m/%Y %H:%M:%S")

Or you can use

eval ResponseTime=strftime(ResponseTime,"%H:%M:%S")

How to turn string value into a time value to calculate the difference between two fields?

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application