Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Converting String to date

SAPrabhakar
Explorer
‎08-04-2016 07:49 AM

I am trying to convert the string "08/04/16 09:40:41.690" to a date in splunk. I think that I am supposed to use some combination of strptime and strftime but I can't figure it you. I thought that eval testTime = strptime(message.facets.requestStart, "%m/%d/%Y %I:%M:%S:%3Q") would do the trick but that doesn't seem to work.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sundareshr
Legend
‎08-04-2016 10:25 AM

Try this

| makeresults | eval x="08/04/16 09:40:41.690" | eval y=strptime(x, "%m/%d/%y %H:%M:%S") | eval z=strftime(y, "%m/%d/%Y") | table x y z

View solution in original post

Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎08-04-2016 10:54 AM

Try this
To convert to epoch

your base search | eval testTime = strptime('message.facets.requestStart', "%m/%d/%Y %H:%M:%S:%N")

To convert to epoch and round to start of the day

your base search | eval testTime = relative_time(strptime('message.facets.requestStart', "%m/%d/%Y %H:%M:%S:%N"),"@d")
0 Karma
Reply
Solved! Jump to solution
Solution

sundareshr
Legend
‎08-04-2016 10:25 AM

Try this

| makeresults | eval x="08/04/16 09:40:41.690" | eval y=strptime(x, "%m/%d/%y %H:%M:%S") | eval z=strftime(y, "%m/%d/%Y") | table x y z
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...