Splunk Search

How to convert function to return epoch time 3 hours later?

brdr
Contributor

Here is my date format I would like to convert to epoch for later processing.

My date formate is: 3/5/2018 17:03
My commands below:

| gentimes start=-1 | eval myDate="3/5/2018 17:03" 
| convert timeformat="%m/%d/%Y %H:%M" mktime(myDate) as epoch
| table epoch 

Yields epoch of 1520287380, which is March 5, 2018 10:03:00 PM

Any idea why it calculates 3 hours ahead?

NOTE: I have set my timezone to my location.

Tags (3)
0 Karma
1 Solution

damien_chillet
Builder

1520287380 is March 5, 2018 10:03:00 PM GMT
Splunk assumes that myDate's timezone is the one you indicated in your account settings before converting to epoch.

If you do, the following, you will see epoch match the date because you specified GMT timezone

| gentimes start=-1 | eval myDate="3/5/2018 17:03 +0000" 
 | convert timeformat="%m/%d/%Y %H:%M %z" mktime(myDate) as epoch
 | table epoch 

View solution in original post

0 Karma

brdr
Contributor

I did set my timezone appropriately in my account settings. Logged out and back in and tried with no affect. But the solution you provided is perfect! thx.

0 Karma

damien_chillet
Builder

Converted my command to an answer,
Could you please accept it to close the question?

0 Karma

damien_chillet
Builder

1520287380 is March 5, 2018 10:03:00 PM GMT
Splunk assumes that myDate's timezone is the one you indicated in your account settings before converting to epoch.

If you do, the following, you will see epoch match the date because you specified GMT timezone

| gentimes start=-1 | eval myDate="3/5/2018 17:03 +0000" 
 | convert timeformat="%m/%d/%Y %H:%M %z" mktime(myDate) as epoch
 | table epoch 
0 Karma

brdr
Contributor

yes, when it is converted back it converts to same as myDate. I'm not 3 hours behind gmt,

0 Karma

damien_chillet
Builder

17:03 is 5PM so that would be 5 hours behind GMT 🙂

0 Karma

maciep
Champion

isn't epoch in gmt? Are you 3 hours behind gmt? If you do ... | convert ctime(epoch), does it convert it back to your timezone correctly?

Get Updates on the Splunk Community!

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...