Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Issue with strftime time function. It always adds few minutes to actual results

abochare
New Member
‎01-21-2020 10:02 PM

Hi Team,
I have gone through the forum but couldnt find which suits my requirement.
We are trying to calculate time differences, for which I am using strftime. but if i am using strftime it always adds few minutes to expected results. Can anyone please explain what is wrong with it? Attaching 2 screenshots for reference

alt text
alt text

Preview file
72 KB
Preview file
71 KB
0 Karma
Reply

to4kawa
Ultra Champion
‎01-21-2020 10:26 PM

cf. https://en.wikipedia.org/wiki/Unix_time

UNIX time starts at 00:00:00 on January 1, 1970 as "1".
strftime(hoo,"%M")
If hoo is a small number, it must be a value between 00 and 59 .it is a letter.

round() /60
Since this is divided by 60, it will inevitably take smaller numbers.

The result is different because the operation being performed is different.

0 Karma
Reply

to4kawa
Ultra Champion
‎01-21-2020 10:19 PM

Is there any reason not to paste the query as text?

0 Karma
Reply

vnravikumar
Champion
‎01-21-2020 10:16 PM

Hi

check with

...your query..| eval diff = tostring((tNow - maxLastTime), "duration")
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...