Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Change time format for a workflow action?

alferone
Explorer
‎12-12-2023 11:36 AM

Here is a snippet of the URL I am sending and the time format in which it needs to be:

startTime=2023-12-01T16%3A27%3A45.000Z&endTime=2023-12-01T16%3A32%3A45.000Z

However, when I try to send "latesttime" or "earliesttime", splunk is sending it in epoch.

How do I get the proper format of time for the URL within the workflow action?

Thanks!

Labels (1)
Labels
0 Karma
Reply

glc_slash_it
Path Finder
‎12-14-2023 12:58 AM

Hi,

For Splunk, earliest and latest fields are always in epoch format.

But you can try to format them using strptime(earliest , "%Y-%m-%dT%H:%M:%S").

Docs:

https://docs.splunk.com/Documentation/SCS/current/SearchReference/DateandTimeFunctions#strptime.28.2...

 

------------
If this was helpful, some karma would be appreciated.

 

0 Karma
Reply

alferone
Explorer
‎12-14-2023 05:42 AM

Well, yeah, I understand how I can convert the time from epoch, but I am trying to do this inside of a workflow action.  Someone searches "index=firewall", and then they click on "Event Actions" to click on the workflow action.  How does the time get converted through that mechanism?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...