Convert from any timezone to UTC

rockstarter · ‎07-23-2020

How do I convert a timestamp from any timezone to UTC in splunk?

I have a field "DeviceTime" that can hold any time zone value. Few examples below

7/24/2020 9:45:47 AM +05:30
7/23/2020 6:29:45 AM -05:00
7/24/2020 11:21:31 AM +07:00
7/24/2020 4:21:29 AM +00:00

I would like to find the difference in minutes between current UTC time and the time stamp fields above

to4kawa · ‎07-23-2020

try strptime() with %:z and change user preference time zone.

| makeresults
| eval _raw="7/24/2020 9:45:47 AM +05:30
7/23/2020 6:29:45 AM -05:00
7/24/2020 11:21:31 AM +07:00
7/24/2020 4:21:29 AM +00:00"
| multikv noheader=t 
| table _raw
| eval epoch=strptime(_raw,"%m/%d/%Y %T %p %:z")
| eval local_time=strftime(epoch,"%F %T")

niketnilay · ‎07-23-2020

@rockstarter check out @to4kawa 's answer on this post: https://community.splunk.com/t5/Splunk-Search/How-to-get-current-GMT-time/m-p/510578#M142924

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

Convert from any timezone to UTC

eval

Don't miss your chance to share your Splunk wisdom in-person or virtually at .conf21!Call for Speakers hasbeen extended throughThursday, 5/20! Submit Now! >

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >