
How may I change MM/DD/YYYY HH:MM:SS to epoch time?

Path Finder

Situation:
- I have some records with a human readable field "Creation Date" (MM/DD/YYYY HH:MM:SS).
- I'd like to sort by "Creation Date"

Problem:
- The sort command does not appear to work. I believe this is because it needs to be in epoch time to make the calculation.

Proposed Solution:
- Convert the field to epoch and run the sort command against the data set using the new epoch field.

0 Karma

Re: How may I change MM/DD/YYYY HH:MM:SS to epoch time?

Champion

Hi

Check this

| makeresults 
| eval "Creation Date"="03/26/2020 13:56:12" 
| eval epoch=strptime('Creation Date',"%m/%d/%Y %H:%M:%S")


Re: How may I change MM/DD/YYYY HH:MM:SS to epoch time?

Path Finder

@vnravikumar - thank you!

0 Karma
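
The full sort from the question, built on the strptime conversion in the reply above, as an added example that is not part of the original posts. The four sample records are constructed, and the field names n, parse_ok and check are hypothetical helpers. Sorting the raw "Creation Date" string compares it character by character, so 12/01/2019 would land after 03/26/2020; sorting on the epoch field gives true chronological order. The fourth record is deliberately in the wrong format: strptime returns null for it, and parse_ok keeps that row visible at the bottom of the results.

```spl
| makeresults count=4
| streamstats count AS n
| eval "Creation Date"=case(n=1, "03/26/2020 13:56:12",
                            n=2, "12/01/2019 08:00:00",
                            n=3, "01/15/2021 23:59:59",
                            n=4, "2020-03-26 13:56:12")
| eval epoch=strptime('Creation Date', "%m/%d/%Y %H:%M:%S")
| eval parse_ok=if(isnull(epoch), 0, 1)
| sort 0 - parse_ok, + epoch
| eval check=strftime(epoch, "%m/%d/%Y %H:%M:%S")
| table "Creation Date" epoch parse_ok check
```

The 0 after sort removes the default 10,000-result limit. The strings carry no time zone, so the absolute epoch values depend on the time zone Splunk applies when parsing; the relative order is unaffected as long as every record was written in the same zone.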