Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Time conversion & filter

Karthikeyan
Engager
‎08-13-2021 04:32 AM

Hi Experts,

 

I have created a search query to fetch details from Linux log and extracted a timestamp field and converted that with command strftime.

Timestamp from Linux log: 1628674387976621

| eval CT_time=strftime(Start_Time/pow(10,6),"%d/%m/%Y %H:%M:%S") 

Now I would like to filter the events based on converted time, like From CT_time to CT_time.

 

Please help with a query to filter with converted timestamp.

 

Regards, Karthikeyan.SV

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-13-2021 06:18 AM

Filtering events based on timestamps requires comparing timestamps, which is something Splunk cannot do with human-readable time strings.  Splunk compares times in integer form.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
li.common.scroll-to.top