I am attempting to calculate hours since an event occurred; however, the calculated time shows decimals including .6 to .9 between hour values.
index=abc
| eval time_difference=(now() - _time)
| eval time_in_hours=(time_difference/60)
| eval Hours_elapsed=round(time_in_hours/60,2)
| eval Time=strftime(_time, "%Y-%m-%d %H:%M:%S")
| table Time Hours_elapsed
| sort - Hours_elapsed
Here's an example of the output:
Time Hours_elapsed
2019-10-16 05:39:02 22.96
2019-10-16 05:39:19 22.96
2019-10-16 05:39:14 22.96
2019-10-16 05:48:48 22.80
2019-10-16 05:48:47 22.80
I've attempted to calculate the difference of now() and _time in epoch and then do an eval to calculate the hours, but have had no luck.