Hello,
Let me ask this simple question.
I have the following two fields: start_time and end_time.
I would like to calculate the duration time by using these two fields.
In my understanding, if I want to use transaction startswith= endswith=, I need to specify the value like startswith="login" endswith="logout", that way I can get duration.
In my case, however, each field has a specific time value, so if I want to calculate the duration between start_time and end_time, how do I do that?
Thank you.
... | eval diff=end_time-start_time
?
strptime did work. Thank you!
In that case wrap strptime() calls around the field names in Ayn's eval to parse the time into epoch time. Your formatting string might be "%Y/%m/%d %H:%M".
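The strptime() suggestion above, written out as an added example that is not part of the original thread. It uses makeresults to build two constructed sample rows, one matching the "%Y/%m/%d %H:%M" format and one deliberately not matching, to show that an unparsed timestamp leaves diff empty instead of producing a wrong number. The names n, start_epoch, end_epoch and duration are assumptions made for the example.

```spl
| makeresults count=2
| streamstats count AS n
| eval start_time=if(n=1, "2013/11/26 20:28", "26-11-2013 20:28")
| eval end_time="2013/11/26 20:35"
| eval start_epoch=strptime(start_time, "%Y/%m/%d %H:%M")
| eval end_epoch=strptime(end_time, "%Y/%m/%d %H:%M")
| eval diff=end_epoch-start_epoch
| eval duration=if(isnull(diff), "unparsed timestamp", round(diff/60)."min")
| table start_time end_time start_epoch end_epoch diff duration
```

Subtracting the raw string fields without strptime() also leaves diff empty, because eval cannot do arithmetic on text such as "2013/11/26 20:35".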
Well, for example, I have fields start_time=2013/11/26 20:28 and end_time=2013/11/26 20:35. These fields represent the time when a meeting starts and ends. I'd like to get the meeting time by a search command like transaction(?), so in this case I expect to get "7min" as a result. Hope it helps you a bit to understand what I want to get.
OK. You could consider telling us a bit more about exactly what your events look like, the problem you're trying to solve, how things are not working, etc etc? Just putting it out there 🙂
No, it didn't work.