Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to convert date time format from my log parser to Splunk?

guruwells
Explorer
‎05-16-2016 07:48 AM

Hi,

I am converting all statements from my log parser tool to Splunk. I didn't get the exact conversion for date and time timezone format.

Please find my search here from log parser.

Log parser:

TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date, time), 1)) as Second, COUNT(*)

I want to convert above statement into Splunk syntax format.

Please help me on this.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎05-16-2016 09:29 AM

YOu would need to use strptime funtion like this (run anywhere sample, replace line 1 with your search. Mine just generates dummy row)

| gentimes start=-1 | eval YourDateField="2015-06-15 00:00:01" | table YourDateField
| eval YourDateInEpoch=strptime(YourDateField,"%Y-%m-%d %H:%M:%S")   
| eval YourSecondPart=strftime(YourDateInEpoch,"%S")

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎05-16-2016 09:29 AM

YOu would need to use strptime funtion like this (run anywhere sample, replace line 1 with your search. Mine just generates dummy row)

| gentimes start=-1 | eval YourDateField="2015-06-15 00:00:01" | table YourDateField
| eval YourDateInEpoch=strptime(YourDateField,"%Y-%m-%d %H:%M:%S")   
| eval YourSecondPart=strftime(YourDateInEpoch,"%S")
0 Karma
Reply
Solved! Jump to solution

guruwells
Explorer
‎05-16-2016 09:36 AM

Thanks for the quick reply on this. It's really appreciated. what I am doing here is. I am pulling iis log information. I have separate fields which are date and time from my log. first thing is I need to get date and time and same time I need to convert that date into local time.
TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date, time), 1)) as Second

Your help is appreciated.

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎05-18-2016 07:28 AM

Could you provide the current value of timestamp that you're getting now and what you want to it to transform into (with actual examples)?

0 Karma
Reply
Solved! Jump to solution

guruwells
Explorer
‎05-19-2016 04:35 AM

Hi,
Thanks for the reply. My time format in log file is "2016-01-10 08:00:00 ( Pacific time) and I wanted to convert date and time into Eastern time ( example: 2016-01-10 00:00:00). In above statement I am trying to convert server time to local time.

is this information is good enough?. date and time field are seperate fields here.
One more question is here: shall we use "_time" field to retrieve data?

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎05-16-2016 08:33 AM

How does your timestamp looks like , samples?? (you probably need to use function strptime)

0 Karma
Reply
Solved! Jump to solution

guruwells
Explorer
‎05-16-2016 09:18 AM

Thanks for the reply. I am looking for date format which is " 2015-06-15 00:00*:01*". something I need to seconds data.

Let me know if you need any info on this.

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...