Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to convert the time format to UK and 24 hour time?

aherrington
Path Finder
‎09-04-2018 03:13 AM

Hello,

I have a field called in_time with example output = 8/31/2018 10:21:59 PM (GMT)

I'd like this time (e.g. out_time) to be extracted and converted to read 31/08/2018 22:21:59

Can you help?

Many Thanks,

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

FrankVl
Ultra Champion
‎09-04-2018 06:01 AM

Take a look at the time and date functions for the eval command: http://docs.splunk.com/Documentation/Splunk/7.0.1/SearchReference/DateandTimeFunctions

You can use strptime to parse a string into a UNIX timestamp and then use strftime to print it to a string again in your preferred format.

Adjusting for timezone offsets can be done by adding the required number of seconds to the UNIX timestamp in between these 2 conversion steps.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

joshi_rajesh
New Member
‎03-07-2020 09:39 AM

I have the same question but I want this to be applicable to all the dasboard/reports/alerts/visualizations. Is there global settings at an 'application' level that will default it to UTC 24 hour rather than making changes for each individual panel?

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎03-07-2020 10:58 AM

@joshi_rajesh This question is almost 2 years old with an accepted answer so there's not likely to be many people looking at it. You should post a new question explaining the problem you wish to resolve.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution
Solution

FrankVl
Ultra Champion
‎09-04-2018 06:01 AM

Take a look at the time and date functions for the eval command: http://docs.splunk.com/Documentation/Splunk/7.0.1/SearchReference/DateandTimeFunctions

You can use strptime to parse a string into a UNIX timestamp and then use strftime to print it to a string again in your preferred format.

Adjusting for timezone offsets can be done by adding the required number of seconds to the UNIX timestamp in between these 2 conversion steps.

0 Karma
Reply
Solved! Jump to solution

aherrington
Path Finder
‎09-04-2018 06:11 AM

eval unix_time=strptime(in_time, "%m/%d/%Y %H:%M:%S" | fields unix_time

This is the command I have attempted but it throws up an error

0 Karma
Reply
Solved! Jump to solution

aherrington
Path Finder
‎09-04-2018 06:33 AM

Excellent I got it to work 🙂 - I added an hour to make it BST

eval unix_time=strptime(in_time, "%m/%d/%Y %I:%M:%S %p") + 3600 | eval time_out=strftime(unix_time, "%d/%m/%Y %H:%M") | fields out_time

Thank you for your help!

0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎09-04-2018 06:43 AM

If you don't need the unix_time for anything, you can also do it in one eval:

eval time_out=strftime(strptime(in_time, "%m/%d/%Y %I:%M:%S %p") + 3600, "%d/%m/%Y %H:%M") | fields out_time
0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎09-04-2018 06:18 AM

What error?

Also: you probably want to use %I instead of %H and add a %p for the AM/PM part.

0 Karma
Reply
Solved! Jump to solution

aherrington
Path Finder
‎09-04-2018 04:35 AM

I also have times in format 31 August 2018 22:21 - can this be converted to 31/08/2018 22:21?

Many thanks,

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...