Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to convert time from an upload csv to Splunk readable format

phamxuantung
Communicator
‎04-06-2022 08:42 PM

I have a csv file that I upload through Lookup Editor which have a Time column in this format

15/06/2021 14:35:00

I want to convert it to Splunk readable time or an Unix time format so I can filter out the row between two certain date (between 14/06/2021 and 7/7/2021).

I have try

|inputlookup sample.csv
|eval time = strptime(Time,"%m/%d/%Y %I:%M:%S %p")
|table time

But it return "No result found".

How do I go about this? Or my strptime have any errors in formatting?

Labels (2)
Labels
0 Karma
Reply

mayurr98
Super Champion
‎04-06-2022 10:21 PM

Hi its because you are using wrong time format:

 

use this:

 

| eval time = strptime(Time,"%d/%m/%Y %H:%M:%S")

Accept/upvote if this helps!

 

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎04-06-2022 09:29 PM

Apparently either your lookup doesn't have field called Time or you gave wrong time format to strptime (which you did - there is no " %p" part in there for sure).

0 Karma
Reply

phamxuantung
Communicator
‎04-06-2022 09:46 PM

My csv file do have a 'Time' field, and even when I change my eval to

eval time = strptime(Time, "%m/%d/%Y %H:%M:%S")

it still return nothing as show below.

Capture.PNG

0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎04-06-2022 10:27 PM

Based on the sample data and screenshot, I am convinced that the first number is %d and the second is %m.

| eval time = strptime(Time, "%d/%m/%Y %H:%M:%S")
0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...