Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

time stamp

shreyasamin64
Explorer
‎01-10-2022 02:37 AM

Hello, 

need assistance on time format 

input :                                                              output :  %F    (2021-11-23)

23 Nov

11/23/21

11/23/2021

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-10-2022 03:34 AM

Hi

here is list of those abbreviations https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Commontimeformatvariables

You could convert those from string to epoch with strptime and from epoch to string with strftime.

| makeresults 
| eval time1="23 Nov", time2="11/23/21", time3="11/23/2021"
| eval time1s=strftime(strptime(time1,"%d %b"),"%F"),
time2s=strftime(strptime(time2,"%m/%d/%y"),"%F"),
time3s=strftime(strptime(time3,"%m/%d/%Y"),"%F")
| table time1 time1s time2 time2s time3 time3s

r. Ismo 

0 Karma
Reply
Get Updates on the Splunk Community!

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...