Solved: parsing time

VijaySrrie · ‎08-21-2020

Hi,

How to parse below

2020.08.20 07:38:42 902 +1000

isoutamo · ‎08-21-2020

Hi

Here is example what you can do with it

| makeresults
| eval Time1="2020.08.20 07:38:42 902 +1000"
| eval epoch_time = strptime(Time1, "%Y.%m.%d %H:%M:%S %3Q %z")
| eval Time_Human = strftime(epoch_time, "%c")
| eval Time_2 = strftime(epoch_time,"%FT%T.%3Q%:z")

More information about time formats:

https://docs.splunk.com/Documentation/Splunk/8.0.5/SearchReference/Commontimeformatvariables

r. Ismo

View solution in original post

isoutamo · ‎08-21-2020

Hi

Here is example what you can do with it

| makeresults
| eval Time1="2020.08.20 07:38:42 902 +1000"
| eval epoch_time = strptime(Time1, "%Y.%m.%d %H:%M:%S %3Q %z")
| eval Time_Human = strftime(epoch_time, "%c")
| eval Time_2 = strftime(epoch_time,"%FT%T.%3Q%:z")

More information about time formats:

https://docs.splunk.com/Documentation/Splunk/8.0.5/SearchReference/Commontimeformatvariables

r. Ismo

harsmarvania57 · ‎08-21-2020

Please provide more information, where you want to parse that timestamp ?

parsing time

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life