Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Convert this time format to epoch

hagjos43
Contributor
‎12-08-2014 09:43 AM

I have a time in the format of:
3:21:34 AM 12/8/2014

I'm trying to convert this to epoch time. Can anyone lend a hand?

Thanks!

Tags (4)
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎12-08-2014 10:53 AM

Try any of strptime or convert command.

e.g.

| gentimes start=-1 | eval YourDate="3:21:34 AM 12/8/2014" | table YourDate 
| eval epoch1=strptime(YourDate,"%H:%M:%S %p %m/%d/%Y") 
| convert timeformat="%H:%M:%S %p %m/%d/%Y" mktime(YourDate) as epoch2

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎12-08-2014 10:53 AM

Try any of strptime or convert command.

e.g.

| gentimes start=-1 | eval YourDate="3:21:34 AM 12/8/2014" | table YourDate 
| eval epoch1=strptime(YourDate,"%H:%M:%S %p %m/%d/%Y") 
| convert timeformat="%H:%M:%S %p %m/%d/%Y" mktime(YourDate) as epoch2
Reply
Solved! Jump to solution

pratikkadam
New Member
‎01-24-2018 02:17 AM

Can you tell me what is the unit of the time which is converted to Epoch format?
@somesoni2

0 Karma
Reply
Solved! Jump to solution

493669
Super Champion
‎01-24-2018 02:39 AM

It's in seconds

0 Karma
Reply
Solved! Jump to solution

hagjos43
Contributor
‎12-10-2014 07:52 AM

Perfect, thank you very much!

0 Karma
Reply
Solved! Jump to solution

ashanka
Explorer
‎03-05-2020 12:26 PM

2/11/2020 11:49:00 AM 2/11/2020 9:55:00 PM

How to convert this into Secs.. Conersion of AM and PM is not working as expected

| eval "Bridge End Date In Sec"=tonumber(strftime(strptime('Bridge End Date',"%m/%d/%Y %H:%M:%S %p"),"%s"))
| eval "Bridge Start Date In Sec"=tonumber(strftime(strptime('Bridge Start Date',"%m/%d/%Y %H:%M:%S %p"),"%s"))

0 Karma
Reply
Solved! Jump to solution

to4kawa
Ultra Champion
‎03-05-2020 02:08 PM 
| eval "Bridge End Date In Sec"=strptime('Bridge End Date',"%m/%d/%Y %H:%M:%S %p")
| eval "Bridge Start Date In Sec"=strptime('Bridge Start Date',"%m/%d/%Y %H:%M:%S %p")
0 Karma
Reply
Solved! Jump to solution

nagarjuna280
Communicator
‎07-29-2017 09:43 PM

I got same results for both AM and PM

0 Karma
Reply
Solved! Jump to solution

kml_uvce
Builder
‎12-08-2014 09:53 AM

try this

eval t="your time field"

kamal singh bisht
0 Karma
Reply
Solved! Jump to solution

hagjos43
Contributor
‎12-08-2014 10:11 AM

Thanks, but that did not work 😞
Returns a result like this: 10:26:26 AM 12/2/2014

My query is:
sourcetype=WinEventLog:Security EventCode=520 | eval t=New_Time

0 Karma
Reply
Solved! Jump to solution

kml_uvce
Builder
‎12-08-2014 10:26 AM

try this..
eval t=_time

t will be your new field

kamal singh bisht
0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...