Try any of strptime or convert command.
e.g.
| gentimes start=-1 | eval YourDate="3:21:34 AM 12/8/2014" | table YourDate
| eval epoch1=strptime(YourDate,"%H:%M:%S %p %m/%d/%Y")
| convert timeformat="%H:%M:%S %p %m/%d/%Y" mktime(YourDate) as epoch2
Try any of strptime or convert command.
e.g.
| gentimes start=-1 | eval YourDate="3:21:34 AM 12/8/2014" | table YourDate
| eval epoch1=strptime(YourDate,"%H:%M:%S %p %m/%d/%Y")
| convert timeformat="%H:%M:%S %p %m/%d/%Y" mktime(YourDate) as epoch2
Can you tell me what is the unit of the time which is converted to Epoch format?
@somesoni2
It's in seconds
Perfect, thank you very much!
2/11/2020 11:49:00 AM 2/11/2020 9:55:00 PM
How to convert this into Secs.. Conersion of AM and PM is not working as expected
| eval "Bridge End Date In Sec"=tonumber(strftime(strptime('Bridge End Date',"%m/%d/%Y %H:%M:%S %p"),"%s"))
| eval "Bridge Start Date In Sec"=tonumber(strftime(strptime('Bridge Start Date',"%m/%d/%Y %H:%M:%S %p"),"%s"))
| eval "Bridge End Date In Sec"=strptime('Bridge End Date',"%m/%d/%Y %H:%M:%S %p")
| eval "Bridge Start Date In Sec"=strptime('Bridge Start Date',"%m/%d/%Y %H:%M:%S %p")
I got same results for both AM and PM
try this
eval t="your time field"
Thanks, but that did not work 😞
Returns a result like this: 10:26:26 AM 12/2/2014
My query is:
sourcetype=WinEventLog:Security EventCode=520 | eval t=New_Time
try this..
eval t=_time
t will be your new field