Splunk Search

Getting eval error "Typechecking failed, '-' only takes numbers." How to convert Zulu time format to Epoch using strptime?

ITCrowd
Engager

(index=unix) (sourcetype="web") | eval Time.atFirewall=DateOutbound-DateInbound | eval Time.atDataCentre=strptime(index_time,"yyyy-MM-dd'T'HH:mm:ss.SSSZ") | eval Time.SendGrid=Time.atDataCentre-DateInbound | table index_time DateInbound DateOutbound Time.atFirewall Time.atDataCentre

I get this in search:
Error in 'eval' command: Typechecking failed. '-' only takes numbers.

DateOutbound & DateInbound are Epoch Time fields, and I wanted to convert index time to Epoch to do the maths. It seems that Time.atDataCentre is not assigned an Epoch time value, it's not a number, hence the Error message from Splunk. I am following the documentation on strptime, so puzzled.

Anyone ever convert long date / Zulu date to Epoch time?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Your strptime() format string is incorrect. You probably want something like strptime(index_time,"%Y-%m-%dT%H:%M:%S.%3NZ"). See aholzer's comment for a link to the docs.

---
If this reply helps you, Karma would be appreciated.

aholzer
Motivator

A few of things:

  1. is "index_time" a field in your results? or are you referring to the Splunk index time, which is referred to as "_indextime"?
  2. If you ARE referring to _indextime, then it is unnecessary to try to convert it to Epoch time as it already comes in Epoch time.
  3. When using strptime you must conform to using this specific set of time/date formats to define the format of the conversion.

Hope this helps

Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...