How do I convert a timestamp?

kiran331 — Thu, 21 Sep 2017 21:24:04 GMT

Hi,

I have a field with timestamp value "2017-09-21T20:48:48.535427Z" in format. I need to convert it to "09/21/2017 3:48:48 PM", Please advise?

Re: How do I convert a timestamp?

niketn — Thu, 21 Sep 2017 23:57:39 GMT

@kiran331, you would also need to confirm as to what is your Time field name and whether it is epoch timestamp or string timestamp.

If it is string time stamp i.e. the field Time contains string time value as per your given example, then you need to first convert the same to epoch time using strptime() and then use strftime() to convert to the required format.

If the Time field contains epoch time then you would only require strftime() to convert from epoch to string time as per your format. Following is run anywhere search as per your question. PS first two pipes are used to mock up Time field with test value. You can replace the same with your search and time field name accordingly.

| makeresults
| eval Time="2017-09-21T20:48:48.535427Z"
| eval TimeStringConverted=strftime(strptime(Time,"%Y-%m-%dT%H:%M:%S.%6N"),"%m/%d/%Y %H:%M:%S %p")
| table Time TimeStringConverted

Re: How do I convert a timestamp?

lfedak_splunk — Fri, 22 Sep 2017 00:17:14 GMT

Hey @kiran331, if they solved your problem, please don't forget to accept an answer! You can upvote posts as well. (Karma points will be awarded for either action.) Happy Splunking!

topic How do I convert a timestamp? in Getting Data In

How do I convert a timestamp?

Re: How do I convert a timestamp?

Re: How do I convert a timestamp?