Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Convert from any timezone to UTC

rockstarter
New Member
‎07-23-2020 09:25 PM

How do I convert a timestamp from any timezone to UTC in splunk? 

I have a field "DeviceTime" that can hold any time zone value. Few examples below

 

 

7/24/2020 9:45:47 AM +05:30
7/23/2020 6:29:45 AM -05:00
7/24/2020 11:21:31 AM +07:00
7/24/2020 4:21:29 AM +00:00

 

 

I would like to find the difference in minutes between current UTC time and the time stamp fields above

Labels (1)
Labels
0 Karma
Reply

to4kawa
Ultra Champion
‎07-23-2020 10:14 PM

try strptime() with %:z and change user preference time zone.

| makeresults
| eval _raw="7/24/2020 9:45:47 AM +05:30
7/23/2020 6:29:45 AM -05:00
7/24/2020 11:21:31 AM +07:00
7/24/2020 4:21:29 AM +00:00"
| multikv noheader=t 
| table _raw
| eval epoch=strptime(_raw,"%m/%d/%Y %T %p %:z")
| eval local_time=strftime(epoch,"%F %T")

 

0 Karma
Reply

niketn
Legend
‎07-23-2020 10:10 PM

@rockstarter check out @to4kawa 's answer on this post: https://community.splunk.com/t5/Splunk-Search/How-to-get-current-GMT-time/m-p/510578#M142924

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
Top