- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
How about toMillis(startdate) - toMillis(enddate) to give you the difference?
This may work? You may have to put your regex into the fields line to output the result..
fields startdate,enddate,toMillis(startdate) - toMillis(enddate)
Hello,
You can further parse the startdate and enddate to calculate the time difference. I've illustrated this with example log events.
Log event 1: 2023-03-16T23:24:38.973 2023-03-16T23:24:40.586 Log event 2: 2023-03-16T23:23:38.973 2023-03-16T23:24:40.000
Following query will parse the timestamps to 4 segments: date, hours, minutes, seconds
Difference between start and end time is calculated and multiplied to convert the difference to seconds.
PARSE @message "T:: T::" as startdate, s_hour, s_min, s_sec, enddate, e_hour, e_min, e_sec | fields (((e_hour - s_hour) * 3600) + ((e_min - s_min) * 60) + (e_sec - s_sec)) as TimeDifference | display @message, TimeDifference
Contenuto pertinente
- AWS UFFICIALEAggiornata 5 mesi fa
- AWS UFFICIALEAggiornata 3 anni fa
- AWS UFFICIALEAggiornata 5 mesi fa
- AWS UFFICIALEAggiornata 8 mesi fa