Re: How to populate the Date field in log in Splun...

Madhan45 · ‎08-17-2017

Actual log format: event_name:myname event_date:150012356 event_id

i Have chosen this event_date as timestamp column, now it is getting converted into human readable format as shown below:

Current log format: 2017-08-17 event_name:myname event_id:2134
(epoch value in event_date is converting and coming at the beggining of the event that is fine. but again i want that is to be present in the log as well like 2017-08-17 event_name:myname event_date:150012356 event_id:2134).

How to resolve this? Is there any parameter needs to amend/sql query needs to changed? im using dbx version 1.1.6.

Madhan45 · ‎08-17-2017

Hi Cusello,

thanks for the reply, There is no problem in converting epoch value into human readable format.

after the conversion, the correct timestamp is coming at the begining of the logs but again i need the field event_dt in the log in same format such as event_dt=150023123.

Hope you understood my question.

gcusello · ‎08-17-2017

Hi
i'm not an expert in SQL, but there are many ways to convert a date from epochtime to human readable, you have to modify the extracting query inserting in the SELECT statement

CAST(DATE '1970-01-01' + ( 1 / 24 / 60 / 60 ) * event_date AS event_date)

Or

DATEADD(s, event_date, '19700101')

Bye.
Giuseppe

How to populate the Date field in log in Splunk DBX 1.1.6 ?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life