Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Remove T ffrom the timestamp and find the different two different time column

ravir_jbp
Explorer
‎06-28-2024 01:26 AM

 

Able to get event output in table format. But looking for eval condition:

1. Remove T from the timestamp and convert the below UTC/GMT to EST and need this in YYYY-MM-DD HH:MM:SS

2. And need the time different between c_timestamp and c_mod and add the time difference in Timetaknen column.

 

Capture.JPG

Labels (1)
Labels
Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎06-28-2024 02:20 AM

Change your global time zone to be your local time zone e.g. EST.

To calculate differences in times you need to parse the strings to epoch format

| eval epoch_timestamp=strptime(c_timestamp,"%FT%T.%6N%z")
| eval local_timestamp=strftime(epoch_timestamp,"%F %T.%6N %Z")
| eval epoch_mod=strptime(c_mod,"%FT%T.%6N%z")
| eval local_mod=strftime(epoch_mod,"%F %T.%6N %Z")
| eval diff=epoch_mod-epoch_timestamp
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Smartness with Brandon Sternfield | Episode 3

Callie Skokos: Hello and welcome to another episode of "Splunk Smartness," the interview series where we ...

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...