Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to convert feb 1 01:03:20 2018 to epoch time?

priyanka0309
New Member
‎02-02-2018 01:38 PM

I am pulling data from DB connect to splunk. The DB has time value
feb 1 01:03:20 2018. I should convert this field to epoch time.

I am using the command eval reporteddate = strptime(LAST_UPDATE, "%m %d %Hh:%Mm:%Ss %Y") . Please let me know how to proceed with this

Tags (2)
0 Karma
Reply

somesoni2
Revered Legend
‎02-02-2018 02:34 PM

Try eval reporteddate = strptime(LAST_UPDATE, "%b %d %H:%M:%S %Y"). See this splunk documentation for time format variables that can be used.
https://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Commontimeformatvariables

Reply

abhishekroy168
Path Finder
‎03-05-2018 06:43 AM

I downvoted this post because still getting empty value for time

0 Karma
Reply

niketn
Legend
‎03-05-2018 07:21 AM

I am up voting the post because it works as expected for the provided sample date feb 1 01:03:20 2018
Following is the run anywhere search to test the same:

| makeresults
| eval LAST_UPDATE="feb 1 01:03:20 2018"
| eval reporteddate = strptime(LAST_UPDATE, "%b %d %H:%M:%S %Y")

@abhishekroy168, For us to assist you better, can you please provide sample Date format of what you have. If it differs from this question you can post your own question.

Downvoting should only be reserved for suggestions/solutions that could be potentially harmful for a Splunk environment or goes completely against known best practices. Simply commenting with constructive feedback on the post you are concerned with will be more beneficial for the community to learn from.

Some of the most active members in Answers have helped set the standard of how voting etiquette should work in the Splunk community which distinguishes our culture apart from other Q&A forums. Upvote early and often to give credit where it’s due for high quality posts, comment where you think feedback needs to be given, and only downvote if something potentially dangerous is suggested or people are just being inappropriate.

If you’re interested in seeing how this voting etiquette was developed, check out this Splunk Answers post: https://answers.splunk.com/answers/244111/proper-etiquette-and-timing-for-voting-here-on-ans.htmlon-...

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...