How to populate the Date field in log in Splunk DBX 1.1.6?

Madhan45
Path Finder

Actual log format: event_name:myname event_date:150012356 event_id

I have chosen this event_date as the timestamp column; now it is getting converted into human-readable format as shown below:

Current log format: 2017-08-17 event_name:myname event_id:2134
(The epoch value in event_date is being converted and is coming at the beginning of the event, which is fine. But I want it to be present in the log as well, like 2017-08-17 event_name:myname event_date:150012356 event_id:2134.)

How to resolve this? Is there any parameter that needs to be amended, or does the SQL query need to be changed? I'm using DBX version 1.1.6.


Madhan45
Path Finder

Hi Cusello,

Thanks for the reply. There is no problem in converting the epoch value into human-readable format.

After the conversion, the correct timestamp is coming at the beginning of the logs, but I again need the field event_dt in the log in the same format, such as event_dt=150023123.

Hope you understood my question.


gcusello
SplunkTrust

Hi,
I'm not an expert in SQL, but there are many ways to convert a date from epoch time to human-readable; you have to modify the extracting query by inserting in the SELECT statement

CAST(DATE '1970-01-01' + (1 / 24 / 60 / 60) * event_date AS DATE) AS event_date

Or

DATEADD(s, event_date, '19700101')

Bye.
Giuseppe
