Re: How to calculate the difference between two da...

marceldera · ‎09-01-2022

I have 2 dates

first_found: 2022-08-23T21:08:54.808Z

last_fixed:2022-08-30T12:56:58.860Z

I am trying to calculate the difference in days between (first-found - last_fixed) and dump the result in a new field called "remediation_days"

marceldera · ‎09-01-2022

It works, however the results come back like this. 2419200.000000 even after i do the division.

richgalloway · ‎09-01-2022

Dates can only be compared/calculated in integer (epoch) form.

| eval remediation_days = (strptime(last_fixed, "%Y-%m-%dT%H:%M:%S.%3N%Z") - strptime(first_found, "%Y-%m-%dT%H:%M:%S.%3N%Z") / 86400)

---
If this reply helps you, Karma would be appreciated.

richgalloway · ‎09-01-2022

Parens error on my part.

| eval remediation_days = (strptime(last_fixed, "%Y-%m-%dT%H:%M:%S.%3N%Z") - strptime(first_found, "%Y-%m-%dT%H:%M:%S.%3N%Z")) / 86400

There's also this alternative.

| eval remediation_secs = strptime(last_fixed, "%Y-%m-%dT%H:%M:%S.%3N%Z") - strptime(first_found, "%Y-%m-%dT%H:%M:%S.%3N%Z")
| eval remediation_days = round(remediation_secs / 86400, 2)

---
If this reply helps you, Karma would be appreciated.

How to calculate the difference between two dates?

other

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector