Hi , we need ot find duration for timestamps and the format looks like as below.
max_time=1461593558.000
min _time=1461593258.000
Used below query to convert this to proper timeframe.
index=datapower |stats avg(Time) as Average,Count
| eval Average=round(Average,2) |where Average>50
| addinfo
| eval SearchstartTime=strftime(info_min_time,"%Y-%m-%d %H:%M:%S")
|eval SearchendTime=strftime(info_max_time,"%Y-%m-%d %H:%M:%S")
Tried finding difference like this ,by adding below to the end of the search.
| eval diff= tostring(SearchendTime - SearchstartTime,"duration"), but it is not retrieving any results.
Can you please help?
↧