I am still trying to learn more about splunk functionality, any suggestions on learning Splunk commands (video guides/reference materials) would be helpful. ... View more

That did the trick. Thanks again 🙂 ... View more

time ranges 3/27/2018 14:01 and 3/27/2018 23:12 index=myindex| eval submit=strptime(in, "%m/%d/%Y %H:%M") | eval response=strptime(out, "%m/%d/%Y %H:%M") | eval Total=response-submit | eval Ntotal=tostring(Total,"duration") ... View more

Hi damien_chillet, i managed to get a desired result by following your suggestion, I am trying to calculate difference between 2 time ranges 3/27/2018 14:01 and 3/27/2018 23:12, but I get a result as 09:11:00.000000 instead of 09:11:00 query: index=myindex| eval submit=strptime(in, "%m/%d/%Y %H:%M") | eval response=strptime(out, "%m/%d/%Y %H:%M") | eval Total=response-submit | eval Ntotal=tostring(Total,"duration") please advise. ... View more

Hi damien_chillet, I managed to get a desired value by following your suggestion, but now I get a result as 09:11:00.000000 instead of 09:11:00 I am trying to calculate difference between 2 time ranges 3/27/2018 14:01 and 3/27/2018 23:12. am I missing something? ... View more