Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question
Solved! Jump to solution

Convert TimeFormat

hartfoml
Motivator
โ€Ž01-26-2012 10:25 AM

I have an event field called `LastBootUpTime=20120119121719.125000-360'

I am trying to convert this to a more readable format by using this convert command

| convert timeformat="%m-%d-%Y %H:%M:%S" ctime(LastBootUpTime) AS BootTime

this is not working. What am I missing??

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bojanz
Communicator
โ€Ž01-26-2012 11:20 AM

If I'm not wrong, convert needs epoch time for ctime().
So use strptime to convert to epoch time this first:

| eval temp=strptime(LastBootUpTime,"%Y%m%d%H%M%S") | convert timeformat="%m-%d-%Y %H:%M:%S" ctime(temp) AS BootTime

This will return BootTime in a human readable format, as specified in the timeformat parameter.

View solution in original post

Reply
Solved! Jump to solution
Solution

bojanz
Communicator
โ€Ž01-26-2012 11:20 AM

If I'm not wrong, convert needs epoch time for ctime().
So use strptime to convert to epoch time this first:

| eval temp=strptime(LastBootUpTime,"%Y%m%d%H%M%S") | convert timeformat="%m-%d-%Y %H:%M:%S" ctime(temp) AS BootTime

This will return BootTime in a human readable format, as specified in the timeformat parameter.

View solution in original post

Reply
Solved! Jump to solution

hartfoml
Motivator
โ€Ž01-26-2012 11:25 AM

That was the answer... howd you get so smart ๐Ÿ™‚

0 Karma
Reply
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!