Solved: Convert field representing time to another time fo...

cosullivan66 · ‎04-01-2013

Hi Everybody,

I have a field in my splunk events that is an XML field representing a videoconference session start time called ns2:sessionStartTime. An example of a field value is 2013-03-31T23:12:58.062-07:00. I want to turn this into a number (possibly Unix epoch time?) so I can perform ns2:sessionEndTime - ns2:sessionStartTime and figure out how long the session took. If there's any easier way of doing this calculation I'm all ears. Thanks for any and all help.

Conor

martin_mueller · ‎04-01-2013

You're probably looking for this:

... | eval sessionStartTimeEpoch = strptime(sessionStartTime, "%FT%T.%3N%z")

View solution in original post

martin_mueller · ‎04-01-2013

You're probably looking for this:

... | eval sessionStartTimeEpoch = strptime(sessionStartTime, "%FT%T.%3N%z")

cosullivan66 · ‎04-03-2013

perfect, thank you so much!

Convert field representing time to another time format

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Join the Conversation