Solved: Re: Converting String to date

SAPrabhakar · ‎08-04-2016

I am trying to convert the string "08/04/16 09:40:41.690" to a date in splunk. I think that I am supposed to use some combination of strptime and strftime but I can't figure it you. I thought that eval testTime = strptime(message.facets.requestStart, "%m/%d/%Y %I:%M:%S:%3Q") would do the trick but that doesn't seem to work.

sundareshr · ‎08-04-2016

Try this

| makeresults | eval x="08/04/16 09:40:41.690" | eval y=strptime(x, "%m/%d/%y %H:%M:%S") | eval z=strftime(y, "%m/%d/%Y") | table x y z

View solution in original post

somesoni2 · ‎08-04-2016

Try this
To convert to epoch

your base search | eval testTime = strptime('message.facets.requestStart', "%m/%d/%Y %H:%M:%S:%N")

To convert to epoch and round to start of the day

your base search | eval testTime = relative_time(strptime('message.facets.requestStart', "%m/%d/%Y %H:%M:%S:%N"),"@d")

sundareshr · ‎08-04-2016

Try this

| makeresults | eval x="08/04/16 09:40:41.690" | eval y=strptime(x, "%m/%d/%y %H:%M:%S") | eval z=strftime(y, "%m/%d/%Y") | table x y z

Converting String to date

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform