- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Convert from any timezone to UTC
rockstarter
New Member
07-23-2020
09:25 PM
How do I convert a timestamp from any timezone to UTC in splunk?
I have a field "DeviceTime" that can hold any time zone value. Few examples below
7/24/2020 9:45:47 AM +05:30
7/23/2020 6:29:45 AM -05:00
7/24/2020 11:21:31 AM +07:00
7/24/2020 4:21:29 AM +00:00
I would like to find the difference in minutes between current UTC time and the time stamp fields above
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to4kawa
Ultra Champion
07-23-2020
10:14 PM
try strptime() with %:z and change user preference time zone.
| makeresults
| eval _raw="7/24/2020 9:45:47 AM +05:30
7/23/2020 6:29:45 AM -05:00
7/24/2020 11:21:31 AM +07:00
7/24/2020 4:21:29 AM +00:00"
| multikv noheader=t
| table _raw
| eval epoch=strptime(_raw,"%m/%d/%Y %T %p %:z")
| eval local_time=strftime(epoch,"%F %T")
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
niketn
Legend
07-23-2020
10:10 PM
@rockstarter check out @to4kawa 's answer on this post: https://community.splunk.com/t5/Splunk-Search/How-to-get-current-GMT-time/m-p/510578#M142924
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
| makeresults | eval message= "Happy Splunking!!!"
