Convert from any timezone to UTC

rockstarter · ‎07-23-2020

How do I convert a timestamp from any timezone to UTC in splunk?

I have a field "DeviceTime" that can hold any time zone value. Few examples below

7/24/2020 9:45:47 AM +05:30
7/23/2020 6:29:45 AM -05:00
7/24/2020 11:21:31 AM +07:00
7/24/2020 4:21:29 AM +00:00

I would like to find the difference in minutes between current UTC time and the time stamp fields above

to4kawa · ‎07-23-2020

try strptime() with %:z and change user preference time zone.

| makeresults
| eval _raw="7/24/2020 9:45:47 AM +05:30
7/23/2020 6:29:45 AM -05:00
7/24/2020 11:21:31 AM +07:00
7/24/2020 4:21:29 AM +00:00"
| multikv noheader=t 
| table _raw
| eval epoch=strptime(_raw,"%m/%d/%Y %T %p %:z")
| eval local_time=strftime(epoch,"%F %T")

niketn · ‎07-23-2020

@rockstarter check out @to4kawa 's answer on this post: https://community.splunk.com/t5/Splunk-Search/How-to-get-current-GMT-time/m-p/510578#M142924

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

Convert from any timezone to UTC

eval

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation

Convert from any timezone to UTC

eval

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions