Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

convert large duration timelapse to decimal hour

mjones414
Contributor
‎03-01-2019 04:05 PM

I'm trying to convert a timestamp where my hour will go beyone 24 hours: for example: 305:44:03 The ctime and dur2sec don't seem to be handling this timeformat properly with either "%H:%M:%S or %H%H%H:%M:%S or %k:%M:%S. and so on...

Tags (1)
0 Karma
Reply

chrisyounger
SplunkTrust
SplunkTrust
‎03-01-2019 04:09 PM

Well you could carve it up yourself like this:

| makeresults 
| eval val ="305:44:03" 
| rex field=val "(?<hr>\d+):(?<min>\d+):(?<sec>\d+)" 
| eval duration = (hr * 3600) + (min * 60) + sec 
| table duration

All the best

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...