can anyone provide me with a way to have Splunk convert an extracted field which is currently in milliseconds to HH:MM:SS?
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
...| fieldFormat inSeconds = tostring(inMS/1000,"duration)
where inMS is the name of the extracted field and inSeconds is the result you want
add | fields - inMS to remove the original field
