How come strptime does not work for some days?

shaileshmali · ‎03-22-2019

There seems to be some issue with the strptime function. I'm not sure why it works for few days and does not work for few days.

works

index=_internal 
| eval Disconnect_Time="02/05/2019 08:22:40" 
| eval last_updated_date_epoch=strptime(Disconnect_Time,"%d/%m/%Y %H:%M:%S") 
| eval now=now() 
| eval diff=last_updated_date_epoch-now() 
| eval duration=diff/3600/24 
| table Disconnect_Time,last_updated_date_epoch,now,diff,duration

Does not work

index=_internal 
| eval Disconnect_Time="02/13/2019 08:22:40" 
| eval last_updated_date_epoch=strptime(Disconnect_Time,"%d/%m/%Y %H:%M:%S") 
| eval now=now() 
| eval diff=last_updated_date_epoch-now() 
| eval duration=diff/3600/24 
| table Disconnect_Time,last_updated_date_epoch,now,diff,duration

FrankVl · ‎03-22-2019

Because 13 is not a valid month number 😉

Think you need to swap the %d and %m in your time format 🙂

How come strptime does not work for some days?

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

Improve Data Pipelines Using Splunk Data Management

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?