Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Why am I unable to use strptime() function?

POR160893
Builder
‎02-10-2023 07:01 AM

Hi,

I am unable to use strptime() here correctly.

My code is:
index="ABC"
| eval time=strptime(_time, "%Y-%m-%dT%H:%M:%S")
| bin time span=15m
| table time

But the table has no output .....

Can you please help?
Thanks!

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-10-2023 07:09 AM

Hi @POR160893,

_time is already in epochtime, even if is displayed in human readable, so you can directlòy use it in timechart:

index="ABC"
| timechart span=15m count

if instead you want to list all _time in epochtime yu can use rename:

index="ABC"
| bin span=15m _time 
| rename _time AS time
| table time

Ciao.

Giuseppe

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...