How to populate the Date field in the log in Splunk DBX 1.1.6?

Madhan45
Path Finder

Actual log format: event_name:myname event_date:150012356 event_id

I have chosen this event_date as the timestamp column; now it is getting converted into human-readable format as shown below:

Current log format: 2017-08-17 event_name:myname event_id:2134
(The epoch value in event_date is being converted and appears at the beginning of the event, which is fine. But I want it to be present in the log again as well, like 2017-08-17 event_name:myname event_date:150012356 event_id:2134.)

How to resolve this? Is there any parameter that needs to be amended, or does the SQL query need to be changed? I'm using DBX version 1.1.6.

0 Karma

Madhan45
Path Finder

Hi Cusello,

Thanks for the reply. There is no problem in converting the epoch value into human-readable format.

After the conversion, the correct timestamp appears at the beginning of the logs, but I still need the field event_dt in the log in the same format, such as event_dt=150023123.

Hope you understood my question.

0 Karma

gcusello
Legend

Hi,
I'm not an expert in SQL, but there are many ways to convert a date from epoch time to human-readable format; you have to modify the extraction query by inserting in the SELECT statement

CAST(DATE '1970-01-01' + ( 1 / 24 / 60 / 60 ) * event_date AS DATE) AS event_date

Or

DATEADD(s, event_date, '19700101')

Bye.
Giuseppe

0 Karma