Solved: How to convert this string into a usable time form...

jperezes · ‎03-02-2017

Hi and thanks in advance,

I am trying to convert the following time example field:

2017-03-02T09:41:38.405Z

into a Splunk time format so I can get time windows to use in streamstats.
thing is with the T in the middle and the Z at the end, all the tries I am doing with strptime are failing.
I tried the following:

|eval time=strptime(timeValue,"%Y-%m-%dT%H:%M:%S.%3QZ")

but no luck, any idea?

Rgds,
Juan

woodcock · ‎03-02-2017

2017-03-02T09:41:38.405Z

Like this (The trailing Z is for Zulu, AKA GMT so you need to grab the TZ with %Z😞

| eval time=strptime(timeValue,"%Y-%m-%dT%H:%M:%S.%3N%Z")

View solution in original post

woodcock · ‎03-02-2017

2017-03-02T09:41:38.405Z

Like this (The trailing Z is for Zulu, AKA GMT so you need to grab the TZ with %Z😞

| eval time=strptime(timeValue,"%Y-%m-%dT%H:%M:%S.%3N%Z")

jperezes · ‎03-08-2017

Thanks, sorry for late reply but was trying bits and pieces but couldn't get what I wanted; get the streamstats based on next time specifiead in the json data, not the arrival time. So far no luck on all my tries, not sure if is possible. Will post another question.

Thanks anyway.

How to convert this string into a usable time format?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

How to find the worst searches in your Splunk environment and how to fix them

Join the Conversation