Alright... new to Splunk and I've actually been figuring it out as I go along. The only problem I am having is that I am trying to capture 2 time fields. I'm trying to capture Time_To_Own_Minutes and Time_To_Close_Minutes; both are averages. The search I have pasted below shows an additional field of overall time that I don't need. Thoughts on how to capture time in minutes?
index="alerts" USER_LOGIN=* DUPLICATE_COUNT=0
| rename RECEIVED_TIME as RT, ANNOTATION_TIME as AT, ALERT_OWNERSHIP_TIME as AOT
| eval CT=coalesce(CLOSED_TIME, closed_time)
| eval Annotes=substr(ANNOTATION,1,3)
| eval ctime=strptime(CT, "%m/%d/%y %H:%M:%S")
| eval rtime=strptime(RT, "%m/%d/%y %H:%M:%S")
| eval atime=strptime(AT, "%m/%d/%y %H:%M:%S")
| eval aotime=strptime(AOT, "%m/%d/%y %H:%M:%S")
| eval TimeToClose=ctime-rtime
| eval TimeToClose=abs(TimeToClose)
| eval TimeToOwn=aotime-rtime
| eval TimeToOwn=abs(TimeToOwn)
| eval RT_Time=strftime(rtime, "%m/%d/%Y %I:%M:%S %p")
| eval CT_Time=strftime(ctime, "%m/%d/%Y %I:%M:%S %p")
| eval AT_Time=strftime(atime, "%m/%d/%Y %I:%M:%S %p")
| eval AOT_Time=strftime(aotime, "%m/%d/%Y %I:%M:%S %p")
| eval Time_To_Close_Minutes=round(TimeToClose/60,2)
| eval Time_To_Own_Minutes=round(TimeToOwn/60,2)
| stats count as "Overall Time" avg(Time_To_Own_Minutes) as "Overall: Avg Time to Close in Minutes" avg(Time_To_Close_Minutes)
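An added example, not part of the original post: the posted search reduced to the two averages asked for, with each `avg()` given its own `as` label and the `count` dropped. The index, field names and time format are the ones in the post; the output field names are chosen here for illustration.

```spl
index="alerts" USER_LOGIN=* DUPLICATE_COUNT=0
| eval CT=coalesce(CLOSED_TIME, closed_time)
``` Parse the three timestamps into epoch seconds ```
| eval rtime=strptime(RECEIVED_TIME, "%m/%d/%y %H:%M:%S")
| eval ctime=strptime(CT, "%m/%d/%y %H:%M:%S")
| eval aotime=strptime(ALERT_OWNERSHIP_TIME, "%m/%d/%y %H:%M:%S")
``` Per-alert durations in minutes; null when either timestamp is missing ```
| eval Time_To_Own_Minutes=abs(aotime-rtime)/60
| eval Time_To_Close_Minutes=abs(ctime-rtime)/60
``` One avg() per output field, each with its own label; no count ```
| stats avg(Time_To_Own_Minutes) as Time_To_Own_Minutes
        avg(Time_To_Close_Minutes) as Time_To_Close_Minutes
``` Round once, after averaging ```
| eval Time_To_Own_Minutes=round(Time_To_Own_Minutes,2)
| eval Time_To_Close_Minutes=round(Time_To_Close_Minutes,2)
```

`stats avg()` ignores events where the field is null, so alerts that were never owned or never closed are left out of the corresponding average rather than counted as zero.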