Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to convert feb 1 01:03:20 2018 to epoch time?

priyanka0309
New Member
‎02-02-2018 01:38 PM

I am pulling data from DB connect to splunk. The DB has time value
feb 1 01:03:20 2018. I should convert this field to epoch time.

I am using the command eval reporteddate = strptime(LAST_UPDATE, "%m %d %Hh:%Mm:%Ss %Y") . Please let me know how to proceed with this

Tags (2)
0 Karma
Reply

somesoni2
Revered Legend
‎02-02-2018 02:34 PM

Try eval reporteddate = strptime(LAST_UPDATE, "%b %d %H:%M:%S %Y"). See this splunk documentation for time format variables that can be used.
https://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Commontimeformatvariables

Reply

abhishekroy168
Path Finder
‎03-05-2018 06:43 AM

I downvoted this post because still getting empty value for time

0 Karma
Reply

niketn
Legend
‎03-05-2018 07:21 AM

I am up voting the post because it works as expected for the provided sample date feb 1 01:03:20 2018
Following is the run anywhere search to test the same:

| makeresults
| eval LAST_UPDATE="feb 1 01:03:20 2018"
| eval reporteddate = strptime(LAST_UPDATE, "%b %d %H:%M:%S %Y")

@abhishekroy168, For us to assist you better, can you please provide sample Date format of what you have. If it differs from this question you can post your own question.

Downvoting should only be reserved for suggestions/solutions that could be potentially harmful for a Splunk environment or goes completely against known best practices. Simply commenting with constructive feedback on the post you are concerned with will be more beneficial for the community to learn from.

Some of the most active members in Answers have helped set the standard of how voting etiquette should work in the Splunk community which distinguishes our culture apart from other Q&A forums. Upvote early and often to give credit where it’s due for high quality posts, comment where you think feedback needs to be given, and only downvote if something potentially dangerous is suggested or people are just being inappropriate.

If you’re interested in seeing how this voting etiquette was developed, check out this Splunk Answers post: https://answers.splunk.com/answers/244111/proper-etiquette-and-timing-for-voting-here-on-ans.htmlon-...

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...