https://community.splunk.com/t5/Splunk-Search/Splunk-DB-Connect-Time-conversion-error-while-working-with-SQL/m-p/439453#M174033 <P>I have a SQL query using at Splunk DB Connect to pull the SQL audit log into Splunk as below:</P> <PRE><CODE>SELECT event_time, action_id, succeeded, session_id, server_principal_id, database_principal_id, object_id, class_type, session_server_principal_name, server_principal_name, database_principal_name, target_server_principal_name, server_instance_name, database_name, schema_name, object_name, statement, file_name, audit_schema_version, transaction_id FROM sys.fn_get_audit_file ('C:\\\\SQLAudit\\\\*',default,default) WHERE event_time &gt; ? ORDER BY event_time ASC </CODE></PRE> <P>However, the system return error:<BR /> "java.sql.SQLException: Conversion failed when converting date and/or time from character string."</P> <P>The raw event_time field return value in format:<BR /> 2018-08-26 10:29:57.3456782</P> <P>I havw tried to do conversion as below but no luck:</P> <PRE><CODE>SELECT substr('2018-08-26 10:29:57.3456782', 1, 19) as evt_time, TO_DATE(substr('2018-08-26 10:29:57.3456782', 1, 19), 'YYYY-MM-DD HH24:MI:SS') as evt_datetime, to_char(TO_DATE(substr('2018-08-26 10:29:57.3456782', 1, 19), 'YYYY-MM-DD HH24:MI:SS'), 'YYYYMMDD HH24MISS') as evt_datetime </CODE></PRE> <P>Anyone can give me a hand on this? Thanks.</P> Tue, 18 Dec 2018 08:18:05 GMT jasonsun 2018-12-18T08:18:05Z https://community.splunk.com/t5/Splunk-Search/Splunk-DB-Connect-Time-conversion-error-while-working-with-SQL/m-p/439453#M174033 <P>I have a SQL query using at Splunk DB Connect to pull the SQL audit log into Splunk as below:</P> <PRE><CODE>SELECT event_time, action_id, succeeded, session_id, server_principal_id, database_principal_id, object_id, class_type, session_server_principal_name, server_principal_name, database_principal_name, target_server_principal_name, server_instance_name, database_name, schema_name, object_name, statement, file_name, audit_schema_version, transaction_id FROM sys.fn_get_audit_file ('C:\\\\SQLAudit\\\\*',default,default) WHERE event_time &gt; ? ORDER BY event_time ASC </CODE></PRE> <P>However, the system return error:<BR /> "java.sql.SQLException: Conversion failed when converting date and/or time from character string."</P> <P>The raw event_time field return value in format:<BR /> 2018-08-26 10:29:57.3456782</P> <P>I havw tried to do conversion as below but no luck:</P> <PRE><CODE>SELECT substr('2018-08-26 10:29:57.3456782', 1, 19) as evt_time, TO_DATE(substr('2018-08-26 10:29:57.3456782', 1, 19), 'YYYY-MM-DD HH24:MI:SS') as evt_datetime, to_char(TO_DATE(substr('2018-08-26 10:29:57.3456782', 1, 19), 'YYYY-MM-DD HH24:MI:SS'), 'YYYYMMDD HH24MISS') as evt_datetime </CODE></PRE> <P>Anyone can give me a hand on this? Thanks.</P> Tue, 18 Dec 2018 08:18:05 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-DB-Connect-Time-conversion-error-while-working-with-SQL/m-p/439453#M174033 jasonsun 2018-12-18T08:18:05Z https://community.splunk.com/t5/Splunk-Search/Splunk-DB-Connect-Time-conversion-error-while-working-with-SQL/m-p/439454#M174034 <P>Hi,</P> <P>Can you please try to convert <CODE>event_time</CODE> using <CODE>TO_CHAR(event_time, 'YYYY-MM-DD HH24:MI:SS.FF3') evt_time</CODE> ?</P> Tue, 18 Dec 2018 08:52:42 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-DB-Connect-Time-conversion-error-while-working-with-SQL/m-p/439454#M174034 harsmarvania57 2018-12-18T08:52:42Z