topic Re: How to convert date time format from my log parser to Splunk? in Getting Data In

How to convert date time format from my log parser to Splunk?

guruwells — Mon, 16 May 2016 14:48:07 GMT

Hi,

I am converting all statements from my log parser tool to Splunk. I didn't get the exact conversion for date and time timezone format.

Please find my search here from log parser.

Log parser:

TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date, time), 1)) as Second, COUNT(*)

I want to convert above statement into Splunk syntax format.

Please help me on this.

Re: How to convert date time format from my log parser to Splunk?

somesoni2 — Mon, 16 May 2016 15:33:05 GMT

How does your timestamp looks like , samples?? (you probably need to use function strptime)

Re: How to convert date time format from my log parser to Splunk?

guruwells — Tue, 29 Sep 2020 09:42:38 GMT

Thanks for the reply. I am looking for date format which is " 2015-06-15 00:00*:01*". something I need to seconds data.

Let me know if you need any info on this.

Re: How to convert date time format from my log parser to Splunk?

somesoni2 — Mon, 16 May 2016 16:29:48 GMT

YOu would need to use strptime funtion like this (run anywhere sample, replace line 1 with your search. Mine just generates dummy row)

| gentimes start=-1 | eval YourDateField="2015-06-15 00:00:01" | table YourDateField
| eval YourDateInEpoch=strptime(YourDateField,"%Y-%m-%d %H:%M:%S")   
| eval YourSecondPart=strftime(YourDateInEpoch,"%S")

Re: How to convert date time format from my log parser to Splunk?

guruwells — Tue, 29 Sep 2020 09:42:41 GMT

Thanks for the quick reply on this. It's really appreciated. what I am doing here is. I am pulling iis log information. I have separate fields which are date and time from my log. first thing is I need to get date and time and same time I need to convert that date into local time.
TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date, time), 1)) as Second

Your help is appreciated.

Re: How to convert date time format from my log parser to Splunk?

somesoni2 — Wed, 18 May 2016 14:28:48 GMT

Could you provide the current value of timestamp that you're getting now and what you want to it to transform into (with actual examples)?

Re: How to convert date time format from my log parser to Splunk?

guruwells — Thu, 19 May 2016 11:35:05 GMT

Hi,
Thanks for the reply. My time format in log file is "2016-01-10 08:00:00 ( Pacific time) and I wanted to convert date and time into Eastern time ( example: 2016-01-10 00:00:00). In above statement I am trying to convert server time to local time.

is this information is good enough?. date and time field are seperate fields here.
One more question is here: shall we use "_time" field to retrieve data?