Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to convert date

hank72
Path Finder
‎09-30-2022 10:55 PM

How to convert Windows lastLogonTimestamp from this format 07:17.45 PM, Fri 09/30/2022 to 09/30/2022 19:17:45

Thank you

 

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-01-2022 06:29 AM

Hi @hank72,

sorry, my error:

| eval lastLogonTimestamp=strftime(strptime(lastLogonTimestamp,"%I:%M.%S %p, %a %m/%d/%Y"),"%m/%d/%Y %H:%M:%S")

Ciao.

Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎09-30-2022 11:13 PM

Hi @hank72,

to convert a date, you have to transform it in epochtime (using strptime) and then again the output format (using strftime) in an eval command, something like this:

| eval lastLogonTimestamp=strftime(strptime(lastLogonTimestamp,"%H:%M.%S %p, %a %m/%d/%Y"),"%m/%d/%Y %H:%M:%S")

 for more infos see at 

https://docs.splunk.com/Documentation/SCS/current/SearchReference/DateandTimeFunctions#strptime.28.2...

https://docs.splunk.com/Documentation/SCS/current/SearchReference/DateandTimeFunctions#strftime.28.2...

Ciao.

Giuseppe

Reply
Solved! Jump to solution

hank72
Path Finder
‎09-30-2022 11:25 PM

Thank you Giuseppe, however my time is still showing up as 07:17:45 and not as 19:17:45

 

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-01-2022 06:29 AM

Hi @hank72,

sorry, my error:

| eval lastLogonTimestamp=strftime(strptime(lastLogonTimestamp,"%I:%M.%S %p, %a %m/%d/%Y"),"%m/%d/%Y %H:%M:%S")

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

hank72
Path Finder
‎10-01-2022 06:50 PM

Thank you!  It worked!

 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-01-2022 10:40 PM

Hi @hank72,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

Reply
Get Updates on the Splunk Community!

Splunk MCP & Agentic AI: Machine Data Without Limits

  Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization ...

Finding Based Detections General Availability

Overview  We’ve come a long way, folks, but here in Enterprise Security 8.4 I’m happy to announce Finding ...

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Hands-On Learning and Technical Seminars  Sometimes, you just need to see the code. For those looking for a ...