Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to convert date

hank72
Path Finder
‎09-30-2022 10:55 PM

How to convert Windows lastLogonTimestamp from this format 07:17.45 PM, Fri 09/30/2022 to 09/30/2022 19:17:45

Thank you

 

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-01-2022 06:29 AM

Hi @hank72,

sorry, my error:

| eval lastLogonTimestamp=strftime(strptime(lastLogonTimestamp,"%I:%M.%S %p, %a %m/%d/%Y"),"%m/%d/%Y %H:%M:%S")

Ciao.

Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎09-30-2022 11:13 PM

Hi @hank72,

to convert a date, you have to transform it in epochtime (using strptime) and then again the output format (using strftime) in an eval command, something like this:

| eval lastLogonTimestamp=strftime(strptime(lastLogonTimestamp,"%H:%M.%S %p, %a %m/%d/%Y"),"%m/%d/%Y %H:%M:%S")

 for more infos see at 

https://docs.splunk.com/Documentation/SCS/current/SearchReference/DateandTimeFunctions#strptime.28.2...

https://docs.splunk.com/Documentation/SCS/current/SearchReference/DateandTimeFunctions#strftime.28.2...

Ciao.

Giuseppe

Reply
Solved! Jump to solution

hank72
Path Finder
‎09-30-2022 11:25 PM

Thank you Giuseppe, however my time is still showing up as 07:17:45 and not as 19:17:45

 

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-01-2022 06:29 AM

Hi @hank72,

sorry, my error:

| eval lastLogonTimestamp=strftime(strptime(lastLogonTimestamp,"%I:%M.%S %p, %a %m/%d/%Y"),"%m/%d/%Y %H:%M:%S")

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

hank72
Path Finder
‎10-01-2022 06:50 PM

Thank you!  It worked!

 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-01-2022 10:40 PM

Hi @hank72,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...