Solved: on list of _time values how to get start and end t...

Sivakesava574 · ‎02-26-2021

my search query returns list of _time values for multiple dates and below is start and end times for a each date

2021-02-23 12:27:13.173

2021-02-23 16:18:20.129

2021-02-24 09:18:06.191

2021-02-24 13:22:48.285

2021-02-25 09:02:38.042

2021-02-25 13:04:52.313

in the above list i need to display like below. i have tried multiple ways but unable to get the output in below format. is there any i can extract like below

Date	Start_time	End_time	difference in minutes
2/23/2021	2/23/21 12:27	2/23/21 16:18	231.11593

ITWhisperer · ‎02-26-2021

| eval date=strftime(_time,"%Y-%m-%d")
| stats earliest(_time) as start_time latest(_time) as end_time by date
| eval difference=(end_time-start_time)/60

View solution in original post

Sivakesava574 · ‎02-26-2021

This is resulting the data exactly what i intended

ITWhisperer · ‎02-26-2021

| eval date=strftime(_time,"%Y-%m-%d")
| stats earliest(_time) as start_time latest(_time) as end_time by date
| eval difference=(end_time-start_time)/60

on list of _time values how to get start and end times by specific date in splunk

stats

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Are you a member of the Splunk Community?

on list of _time values how to get start and end times by specific date in splunk

stats

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!