Solved: Converting String to date

SAPrabhakar · ‎08-04-2016

I am trying to convert the string "08/04/16 09:40:41.690" to a date in splunk. I think that I am supposed to use some combination of strptime and strftime but I can't figure it you. I thought that eval testTime = strptime(message.facets.requestStart, "%m/%d/%Y %I:%M:%S:%3Q") would do the trick but that doesn't seem to work.

sundareshr · ‎08-04-2016

Try this

| makeresults | eval x="08/04/16 09:40:41.690" | eval y=strptime(x, "%m/%d/%y %H:%M:%S") | eval z=strftime(y, "%m/%d/%Y") | table x y z

View solution in original post

somesoni2 · ‎08-04-2016

Try this
To convert to epoch

your base search | eval testTime = strptime('message.facets.requestStart', "%m/%d/%Y %H:%M:%S:%N")

To convert to epoch and round to start of the day

your base search | eval testTime = relative_time(strptime('message.facets.requestStart', "%m/%d/%Y %H:%M:%S:%N"),"@d")

sundareshr · ‎08-04-2016

Try this

| makeresults | eval x="08/04/16 09:40:41.690" | eval y=strptime(x, "%m/%d/%y %H:%M:%S") | eval z=strftime(y, "%m/%d/%Y") | table x y z

Converting String to date

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!