Solved: Convert date and time bunched together to a readab...

splunkthat · ‎11-07-2023

In my splunk search for getting the date of Nessus plugins feed version used in a scan I get the number returned in the orginal format used of year-month-date-time (for example November 7th 2023 at 1200 would display as 202311071200) that I would like to convert into a readable format that I can then manipluate in splunk such as if i want to get the epoch time. How would I go about doing this?

richgalloway · ‎11-07-2023

Use the strptime function to convert text timestamps into epoch format. Then use strftime to convert epoch timestamps into human-readable form.

| eval epochTime=strptime(plugin_date, "%Y%m%d%H%M")
| eval humanTime=strftime(epochTime, "%Y-%m-%d %H:%M")

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎11-07-2023

Use the strptime function to convert text timestamps into epoch format. Then use strftime to convert epoch timestamps into human-readable form.

| eval epochTime=strptime(plugin_date, "%Y%m%d%H%M")
| eval humanTime=strftime(epochTime, "%Y-%m-%d %H:%M")

---
If this reply helps you, Karma would be appreciated.

Convert date and time bunched together to a readable date

eval

subsearch

table

Meet Duke Cyberwalker | A hero’s journey with Splunk

The Future of Splunk Search is Here - See What’s New!

Splunk is Nurturing Tomorrow’s Cybersecurity Leaders Today