Datetime milliseconds to minutes

So in theory this seems like a simple ordeal milliseconds output / 60000 = minutes
I have 2 datetime fields start_time and end_time, I have to subtract 1 from the other to = session_time, which I have working great - the output is in milliseconds. Now I want to convert milliseconds to minutes - no matter what I do, I either see an error or output is 0.

let session_time = (end_time - start_time);
set_field("session_time", session_time / 60000)

if I do this, I get incompatible types DataTime <=> (60000) Long in line xx
so I change

set_field("session_time", to_long(session_time) / 60000)

and my error goes away but then my output is null

This post might get you a little closer to what you want to do:

thanks for the suggestion, I had tried that exact thing this morning with no success. The problem is the value for to_long(session_time) = 0 so it doesn’t process the rule.
if I leave the > 0 part off, I see hours minutes seconds for duration, but no numbers
I even tried

rule "VPN sessiontime to min"


    let session_duration = to_long($message.session_time);
    set_field("session_duration", session_duration);


I get the field session_duration but it = 0

I just tried doing the above except I used to_string instead of to_long… now I get an output of PT142S - not sure what that means but it’s something!

so for some reason it converted it to a duration… I used a grok pattern to extract the number of seconds from the to_string value. Then did some math to turn it into hours minutes seconds

Hello @d2freak82

If I’m correct this was from Discord?

Could you show how this was done?

sure - first since I was seeing PT140s (or some variation of that) displaying for session_time I realized that it was a duration it was showing. To do that, I just did a basic output of what to_string(session_time) was.
Then I created a grok pattern to extract that, which could be done in the pipeline simply with %{NUMBER:name} - because that’s all I put in the grok pattern I created.

rule "VPN sessiontime to min"


    let session_duration = to_string($message.session_time);
    let vpn_duration = grok("%{UNIFIMS:UNWWANTED}", session_duration, true);
    let d_time = to_long(vpn_duration.time);
    let d_seconds = d_time % 60;
    let d_minutes = (d_time % 3600 - d_seconds) / 60;
    let d_hours   = d_time / 3600;
    let build_message_0 = concat(to_string(d_hours), " hours, ");
    let build_message_1 = concat(build_message_0, to_string(d_minutes));
    let build_message_2 = concat(build_message_1, " minutes, ");
    let build_message_3 = concat(build_message_2, to_string(d_seconds));
    let build_message_4 = concat(build_message_3, " seconds"); 
    set_field("session_duration", build_message_4);

used the modulus % for the minutes/seconds to calculate only what was below 60

Output looks like

0 hours, 7 minutes, 38 seconds

Awesome, thanks for posting it @d2freak82

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.