Getting Data In

How to populate the Date field in log in Splunk DBX 1.1.6?

Madhan45
Path Finder

Actual log format: event_name:myname event_date:150012356 event_id

I have chosen this event_date as the timestamp column; now it is getting converted into human-readable format as shown below:

Current log format: 2017-08-17 event_name:myname event_id:2134
(The epoch value in event_date is being converted and appears at the beginning of the event, which is fine, but I also want it to be present in the log, like 2017-08-17 event_name:myname event_date:150012356 event_id:2134.)

How do I resolve this? Is there a parameter that needs to be amended, or does the SQL query need to be changed? I'm using DBX version 1.1.6.

0 Karma

Madhan45
Path Finder

Hi Cusello,

Thanks for the reply. There is no problem in converting the epoch value into human-readable format.

After the conversion, the correct timestamp is coming at the beginning of the logs, but I also need the field event_dt in the log in the same format, such as event_dt=150023123.

Hope you understood my question.

0 Karma

gcusello
Legend

Hi,
I'm not an expert in SQL, but there are many ways to convert a date from epoch time to human-readable format. You have to modify the extracting query by inserting in the SELECT statement:

(DATE '1970-01-01' + (1 / 24 / 60 / 60) * event_date) AS event_date

Or

DATEADD(s, event_date, '19700101')

Bye.
Giuseppe

0 Karma