Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to convert the GMT timezone to EST timezone at search time?

abhi04
Communicator
‎10-22-2018 02:40 AM

Hi,

I have a field named "statusChanged" as shown below. I need to convert this (GMT) to EST . please help on the same.

statusChanged: 2018-10-17T15:29:32.000Z

0 Karma
Reply

abhi04
Communicator
‎10-23-2018 12:50 AM

eval EST_Time=strftime(strptime(statusChanged,"%Y-%m-%dT%H:%M:%S.%3N%Z"),"%Y-%m-%d %H:%M:%S")

0 Karma
Reply

somesoni2
Revered Legend
‎10-22-2018 07:00 AM

There are no direct function available to do so , but you can try workarounds provided in this post: https://answers.splunk.com/answers/241917/timezone-conversion-function.html

Reply

abhi04
Communicator
‎10-22-2018 08:47 AM

@somesoni2 The below worked .

eval EST_Time=strftime(strptime(statusChanged,"%Y-%m-%dT%H:%M:%S.%3N%Z"),"%Y-%m-%d %H:%M:%S")

0 Karma
Reply
Get Updates on the Splunk Community!

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

At .conf25, Splunk proudly recognized Fast Lane as the 2025 Authorized Learning Partner of the Year. This ...

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...