Solved: Re: Converting String to date

SAPrabhakar · ‎08-04-2016

I am trying to convert the string "08/04/16 09:40:41.690" to a date in splunk. I think that I am supposed to use some combination of strptime and strftime but I can't figure it you. I thought that eval testTime = strptime(message.facets.requestStart, "%m/%d/%Y %I:%M:%S:%3Q") would do the trick but that doesn't seem to work.

sundareshr · ‎08-04-2016

Try this

| makeresults | eval x="08/04/16 09:40:41.690" | eval y=strptime(x, "%m/%d/%y %H:%M:%S") | eval z=strftime(y, "%m/%d/%Y") | table x y z

View solution in original post

somesoni2 · ‎08-04-2016

Try this
To convert to epoch

your base search | eval testTime = strptime('message.facets.requestStart', "%m/%d/%Y %H:%M:%S:%N")

To convert to epoch and round to start of the day

your base search | eval testTime = relative_time(strptime('message.facets.requestStart', "%m/%d/%Y %H:%M:%S:%N"),"@d")

sundareshr · ‎08-04-2016

Try this

| makeresults | eval x="08/04/16 09:40:41.690" | eval y=strptime(x, "%m/%d/%y %H:%M:%S") | eval z=strftime(y, "%m/%d/%Y") | table x y z

Converting String to date

From Alert to Resolution: How Splunk Observability Helps SREs Navigate Critical ...

ATTENTION!! We’re MOVING (not really)

Splunk Admins: Build a Smarter Stack with These Must-See .conf25 Sessions

Are you a member of the Splunk Community?

Converting String to date

From Alert to Resolution: How Splunk Observability Helps SREs Navigate Critical ...

ATTENTION!! We’re MOVING (not really)

Splunk Admins: Build a Smarter Stack with These Must-See .conf25 Sessions