Convert from any timezone to UTC - Splunk Community

Splunk Search

How do I convert a timestamp from any timezone to UTC in splunk?

I have a field "DeviceTime" that can hold any time zone value. Few examples below

7/24/2020 9:45:47 AM +05:30
7/23/2020 6:29:45 AM -05:00
7/24/2020 11:21:31 AM +07:00
7/24/2020 4:21:29 AM +00:00

I would like to find the difference in minutes between current UTC time and the time stamp fields above

try strptime() with %:z and change user preference time zone.

| makeresults
| eval _raw="7/24/2020 9:45:47 AM +05:30
7/23/2020 6:29:45 AM -05:00
7/24/2020 11:21:31 AM +07:00
7/24/2020 4:21:29 AM +00:00"
| multikv noheader=t 
| table _raw
| eval epoch=strptime(_raw,"%m/%d/%Y %T %p %:z")
| eval local_time=strftime(epoch,"%F %T")

@rockstarter check out @to4kawa 's answer on this post: https://community.splunk.com/t5/Splunk-Search/How-to-get-current-GMT-time/m-p/510578#M142924

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...