Solved: Convert TimeFormat

hartfoml · ‎01-26-2012

I have an event field called `LastBootUpTime=20120119121719.125000-360'

I am trying to convert this to a more readable format by using this convert command

| convert timeformat="%m-%d-%Y %H:%M:%S" ctime(LastBootUpTime) AS BootTime

this is not working. What am I missing??

bojanz · ‎01-26-2012

If I'm not wrong, convert needs epoch time for ctime().
So use strptime to convert to epoch time this first:

| eval temp=strptime(LastBootUpTime,"%Y%m%d%H%M%S") | convert timeformat="%m-%d-%Y %H:%M:%S" ctime(temp) AS BootTime

This will return BootTime in a human readable format, as specified in the timeformat parameter.

bojanz · ‎01-26-2012

If I'm not wrong, convert needs epoch time for ctime().
So use strptime to convert to epoch time this first:

| eval temp=strptime(LastBootUpTime,"%Y%m%d%H%M%S") | convert timeformat="%m-%d-%Y %H:%M:%S" ctime(temp) AS BootTime

This will return BootTime in a human readable format, as specified in the timeformat parameter.

hartfoml · ‎01-26-2012

That was the answer... howd you get so smart 🙂

Convert TimeFormat