Seconds to minutes would be "divide by 60"... anywhere, not just in Splunk 😄

lol, my bad.
Actually, these are existing dashboards which are no more functioning and I am trying to make them working.
Not sure why the creator did divide by 60000 initially...

Hi @ppanchal

If the the answer and comments by @martin_mueller solved your question, please don't forget to resolve the post by clicking "Accept" directly below his answer. Also, be sure to upvote the answer and/or any of his comments you found especially helpful!

Patrick

I have done that thanks 🙂

You can use eval's round(). Why are you dividing by 60000?

I want to convert the seconds back to minutes at the end.

Sorry I am new to splunk so just trying to figure out things.

Ah, that's different. You'll need strptime() from eval: docs.splunk.com/Documentation/Splunk/6.4.3/SearchReference/CommonEvalFunctions

Something like ... | eval delta = now() - strptime(CREATION_TIME, "%Y-%m-%d %H:%M:%S")

Great that worked 🙂

But now I am getting the seconds in the below format,
1471899601.000000
How should I remove the 0's after the decimal point?

Here is my complete query,

index="ocsmonitor"  sourcetype="idle_alert"|  eval a =strptime(CREATION_TIME, "%Y-%m-%d %H:%M:%S")| stats latest(a) as latests |eval tnow=now()| eval b = (tnow-latests)/60000| table b

The output for b is 0.00020000000.

I want to remove the extra 0's.

Please help.

I have a field called CREATION_TIME.
CREATION_TIME=2016-08-22 14:49:01

How will I convert this into seconds?