Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

on list of _time values how to get start and end times by specific date in splunk

Sivakesava574
Explorer
‎02-26-2021 03:57 AM

my search query returns list of _time values for multiple dates and below is start and end times for a each date

2021-02-23 12:27:13.173

2021-02-23 16:18:20.129

2021-02-24 09:18:06.191

2021-02-24 13:22:48.285

2021-02-25 09:02:38.042

2021-02-25 13:04:52.313

in the above list i need to display like below. i have tried multiple ways but unable to get the output in below format. is there any i can extract like below

DateStart_timeEnd_timedifference in minutes
2/23/20212/23/21 12:272/23/21 16:18231.11593

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎02-26-2021 04:33 AM

 

| eval date=strftime(_time,"%Y-%m-%d")
| stats earliest(_time) as start_time latest(_time) as end_time by date
| eval difference=(end_time-start_time)/60

 

View solution in original post

Reply
Solved! Jump to solution

Sivakesava574
Explorer
‎02-26-2021 08:00 AM

This is resulting the data exactly what i intended

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎02-26-2021 04:33 AM

 

| eval date=strftime(_time,"%Y-%m-%d")
| stats earliest(_time) as start_time latest(_time) as end_time by date
| eval difference=(end_time-start_time)/60

 

Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...