Solved: Convert data from "%Y-%m" to epoch and again to "%...

Accak · ‎02-10-2017

Hi guys, I am begginer which some problems with converting.
I tried to parse date in format %Y-%m like 2017-01 to epoch, but this:

eval next_month = strptime(chose_month, "%Y-%m")

does not work.

I did some workaround, can anybody tell how I can improve this?

|  eval next_month=chosen_month+"-01"  
 | eval next_month=strptime(next_month,"%Y-%m-%d") | eval next_month = strftime(relative_time(next_month , "+1mon"), "%Y-%m")|

Thanks in advance!

DalJeanis · ‎02-10-2017

Apparently, strptime does not operate as expected for that format. Concatenate "-01" on the end and use the method in mydate2C below.

| makeresults  
| eval mytime=_time
| eval mydate1 = strftime(_time,"%Y") 
| eval mydate1B = strptime(mydate3,"%Y")
| eval mydate2=strftime(_time,"%Y-%m")
| eval mydate2B=strptime(mydate2,"%Y-%m") 
| eval mydate2C=strptime(mydate2."-01","%Y-%m-%d")
| eval mydate3=strftime(_time,"%Y-%m-%d") 
| eval mydate3B=strptime(mydate3,"%Y-%m-%d") 
| table _time mytime mydate1 mydate1B mydate2 mydate2B mydate2C mydate3 mydate3B

in your case, that would look like -

| eval this_month_epoch = strptime(chose_month."-01", "%Y-%m-%d")
| eval next_month_epoch = relative_time(this_month_epoch, "+1mon@m")

and if you want to display the results -

| eval this_month_display = strftime(this_month_epoch,"%Y-%m-%d")
| eval next_month_display = strftime(next_month_epoch,"%Y-%m-%d")

View solution in original post

somesoni2 · ‎02-10-2017

When converting string date to epoch, day and month part is mandatory, year part is optional (default to same year).
When converting string time to epoch, hour and minute part is mandatory, date part is optional (default to today).

DalJeanis · ‎02-10-2017

True, but odd. The expected epoch output for a date/time specified at the month level would be the first moment of that month. There's no ambiguity in that as the default. The Open Spec is silent on the matter, as far as I can tell.

somesoni2 · ‎02-10-2017

I would agree. If you can default the hour to 0 if no hour is specified (when giving month and day) to default to start of the day, why not do the same with month, or year for that matter.

DalJeanis · ‎02-10-2017

Apparently, strptime does not operate as expected for that format. Concatenate "-01" on the end and use the method in mydate2C below.

| makeresults  
| eval mytime=_time
| eval mydate1 = strftime(_time,"%Y") 
| eval mydate1B = strptime(mydate3,"%Y")
| eval mydate2=strftime(_time,"%Y-%m")
| eval mydate2B=strptime(mydate2,"%Y-%m") 
| eval mydate2C=strptime(mydate2."-01","%Y-%m-%d")
| eval mydate3=strftime(_time,"%Y-%m-%d") 
| eval mydate3B=strptime(mydate3,"%Y-%m-%d") 
| table _time mytime mydate1 mydate1B mydate2 mydate2B mydate2C mydate3 mydate3B

in your case, that would look like -

| eval this_month_epoch = strptime(chose_month."-01", "%Y-%m-%d")
| eval next_month_epoch = relative_time(this_month_epoch, "+1mon@m")

and if you want to display the results -

| eval this_month_display = strftime(this_month_epoch,"%Y-%m-%d")
| eval next_month_display = strftime(next_month_epoch,"%Y-%m-%d")

Convert data from "%Y-%m" to epoch and again to "%Y-%m"

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Using Machine Learning for Hunting Security Threats