Solved: Re: how to calculate the starttime and endtime bet...

babukumarreddy · ‎02-10-2019

actually iam new to splunk

in my logs starttime and endtime is there need to calculate duration
starttime endtime
|01-feb-2019 01:30:18|01-feb-2019 01:30:28

fieldnames are starttime and endtime

chrisyounger · ‎02-10-2019

Try this: |eval d1 = strptime(starttime, "%d-%b-%Y %H:%M:%S") | eval d2 = strptime(endtime, "%d-%b-%Y %H:%M:%S") | eval duration_in_seconds = d1 - d2

Hope this helps

View solution in original post

chrisyounger · ‎02-10-2019

Try this: |eval d1 = strptime(starttime, "%d-%b-%Y %H:%M:%S") | eval d2 = strptime(endtime, "%d-%b-%Y %H:%M:%S") | eval duration_in_seconds = d1 - d2

Hope this helps

babukumarreddy · ‎02-10-2019

Hi Chrisyongerjds

its not working

index="starttime"|eval d1 = strptime(starttime, "%d-%m-%Y %H:%M:%S") | eval d2 = strptime(endtime, "%d-%m-%Y %H:%M:%S") | eval duration_in_seconds = d1 - d2|table starttime endtime duration_in_seconds

babukumarreddy · ‎02-10-2019

ignore above comment
it's working

thank you Chrisyongerjds

how to calculate the starttime and endtime between duration ?

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector