- Newest
- Most votes
- Most comments
How about toMillis(startdate) - toMillis(enddate) to give you the difference?
This may work? You may have to put your regex into the fields line to output the result..
fields startdate,enddate,toMillis(startdate) - toMillis(enddate)
Hello,
You can further parse the startdate and enddate to calculate the time difference. I've illustrated this with example log events.
Log event 1: 2023-03-16T23:24:38.973 2023-03-16T23:24:40.586 Log event 2: 2023-03-16T23:23:38.973 2023-03-16T23:24:40.000
Following query will parse the timestamps to 4 segments: date, hours, minutes, seconds
Difference between start and end time is calculated and multiplied to convert the difference to seconds.
PARSE @message "T:: T::" as startdate, s_hour, s_min, s_sec, enddate, e_hour, e_min, e_sec | fields (((e_hour - s_hour) * 3600) + ((e_min - s_min) * 60) + (e_sec - s_sec)) as TimeDifference | display @message, TimeDifference
Relevant content
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 4 months ago