Solved: How do I find the time difference between these tw...

tomaszwrona · ‎01-19-2016

Hello,

I have following events:

event 1:

product_category=dvd
product_name="the martian"
event=to_basket
event_time=2016-01-18T19:57:21+0100
...

event2:

product_category=dvd
product_name="the martian"
event=sold
event_time=2016-01-18T20:15:21+0100
...

How can I tell the time difference between 'to_basket' and 'sold' based on product_category and product_name?

somesoni2 · ‎01-19-2016

Try something like this

your base search giving above two type of events i.e. event=to_basket OR event=sold | stats values(event_time) as event_time values(event) as event by product_category, product_name | eval Diff=strptime(mvindex(event_time,0),"%Y-%m-%dT%H:%M:%S%z")-strptime(mvindex(event_time,-1),"%Y-%m-%dT%H:%M:%S%z")

View solution in original post

somesoni2 · ‎01-19-2016

Try something like this

your base search giving above two type of events i.e. event=to_basket OR event=sold | stats values(event_time) as event_time values(event) as event by product_category, product_name | eval Diff=strptime(mvindex(event_time,0),"%Y-%m-%dT%H:%M:%S%z")-strptime(mvindex(event_time,-1),"%Y-%m-%dT%H:%M:%S%z")

tomaszwrona · ‎01-19-2016

Perfect, thank you!

How do I find the time difference between these two events?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor