Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to convert time from an upload csv to Splunk readable format

phamxuantung
Communicator
‎04-06-2022 08:42 PM

I have a csv file that I upload through Lookup Editor which have a Time column in this format

15/06/2021 14:35:00

I want to convert it to Splunk readable time or an Unix time format so I can filter out the row between two certain date (between 14/06/2021 and 7/7/2021).

I have try

|inputlookup sample.csv
|eval time = strptime(Time,"%m/%d/%Y %I:%M:%S %p")
|table time

But it return "No result found".

How do I go about this? Or my strptime have any errors in formatting?

Labels (2)
Labels
0 Karma
Reply

mayurr98
Super Champion
‎04-06-2022 10:21 PM

Hi its because you are using wrong time format:

 

use this:

 

| eval time = strptime(Time,"%d/%m/%Y %H:%M:%S")

Accept/upvote if this helps!

 

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎04-06-2022 09:29 PM

Apparently either your lookup doesn't have field called Time or you gave wrong time format to strptime (which you did - there is no " %p" part in there for sure).

0 Karma
Reply

phamxuantung
Communicator
‎04-06-2022 09:46 PM

My csv file do have a 'Time' field, and even when I change my eval to

eval time = strptime(Time, "%m/%d/%Y %H:%M:%S")

it still return nothing as show below.

Capture.PNG

0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎04-06-2022 10:27 PM

Based on the sample data and screenshot, I am convinced that the first number is %d and the second is %m.

| eval time = strptime(Time, "%d/%m/%Y %H:%M:%S")
0 Karma
Reply
Get Updates on the Splunk Community!

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

To Community SOAR App Developers - we're reaching out with an important update regarding Python 3.9's ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Automatic Discovery Part 2: Setup and Best Practices

In Part 1 of this series, we covered what Automatic Discovery is and why it’s critical for observability at ...