Splunk IT Service Intelligence

Have problem with my timestamp format

jcvytla
New Member

I'm trying to do forecasting on hourly data. I'm getting error , even though I change my time format. need help in converting "3/5/2018 0:49" into unix time stamp.

0 Karma
1 Solution

adonio
Ultra Champion

try this:

| makeresults count=1 | eval time = "3/5/2018 0:49"
| eval in_epoch = strptime(time, "%m/%d/%Y %H:%M")

hope it helps

View solution in original post

0 Karma

lsnow_splunk
Splunk Employee
Splunk Employee

Hi, @jcvytla-

Check out the "convert" command. The syntax for your case would look something like

convert timeformat=%m/%d/%Y %H:%M mktime(existing_time_field) AS epoch_time

but double check the time format if it doesn't seem to be working for you - the lack of leading zeroes in your timestamp might mean that you have to tweak that.

0 Karma

adonio
Ultra Champion

try this:

| makeresults count=1 | eval time = "3/5/2018 0:49"
| eval in_epoch = strptime(time, "%m/%d/%Y %H:%M")

hope it helps

0 Karma

jcvytla
New Member

Could you please help me with time chart for the same time format?

Thanks in advance

0 Karma

adonio
Ultra Champion

for timechart youll need to convert your time to the field _time
same thing, and now you can | timechart ... as foo | predict foo

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...