Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

dbconnect ms sql timestamp error

sduchene_splunk
Splunk Employee
Splunk Employee
‎11-27-2015 07:59 AM

Hello, Question + answers here :
We were using dbconnect 2 for a MS sql query. the column used for the timestamp was giving us an error BIGINT.
(you can see it by typing index=_internal sourcetype=dbx2 error )
The trick is to convert the MS SQL epoch time, wich is in millinsecond, to a linux epoch time, in second, so that splunk can understand the time.
How do we do this ? answer below. hope it's useful for you

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sduchene_splunk
Splunk Employee
Splunk Employee
‎11-27-2015 08:04 AM

the idea is to convert the epoch time. Good thing to know : epoch time on win!=epochtime on linux....
the sql command that did the trick is : dateadd
and also divide by 1000 to get the epoch time in second instead of ms

dateadd(second, mysqlfield/1000,'19700101')

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

sduchene_splunk
Splunk Employee
Splunk Employee
‎11-27-2015 08:04 AM

the idea is to convert the epoch time. Good thing to know : epoch time on win!=epochtime on linux....
the sql command that did the trick is : dateadd
and also divide by 1000 to get the epoch time in second instead of ms

dateadd(second, mysqlfield/1000,'19700101')
0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Heading to your first .Conf? You’re in for an unforgettable ride — learning, networking, swag collecting, ...

Raise Your Skills at the .conf25 Builder Bar: Your Splunk Developer Destination

Calling all Splunk developers, custom SPL builders, dashboarders, and Splunkbase app creators – the Builder ...

Hunt Smarter, Not Harder: Discover New SPL “Recipes” in Our Threat Hunting Webinar

Are you ready to take your threat hunting skills to the next level? As Splunk community members, you know the ...
Top