How come strptime does not work for some days?

shaileshmali · ‎03-22-2019

There seems to be some issue with the strptime function. I'm not sure why it works for few days and does not work for few days.

works

index=_internal 
| eval Disconnect_Time="02/05/2019 08:22:40" 
| eval last_updated_date_epoch=strptime(Disconnect_Time,"%d/%m/%Y %H:%M:%S") 
| eval now=now() 
| eval diff=last_updated_date_epoch-now() 
| eval duration=diff/3600/24 
| table Disconnect_Time,last_updated_date_epoch,now,diff,duration

Does not work

index=_internal 
| eval Disconnect_Time="02/13/2019 08:22:40" 
| eval last_updated_date_epoch=strptime(Disconnect_Time,"%d/%m/%Y %H:%M:%S") 
| eval now=now() 
| eval diff=last_updated_date_epoch-now() 
| eval duration=diff/3600/24 
| table Disconnect_Time,last_updated_date_epoch,now,diff,duration

FrankVl · ‎03-22-2019

Because 13 is not a valid month number 😉

Think you need to swap the %d and %m in your time format 🙂

How come strptime does not work for some days?

Enhance Your Splunk App Development: New Tools & Support

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Are you a member of the Splunk Community?

How come strptime does not work for some days?

Enhance Your Splunk App Development: New Tools & Support

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code