How to convert time from an upload csv to Splunk r...

phamxuantung · ‎04-06-2022

I have a csv file that I upload through Lookup Editor which have a Time column in this format

15/06/2021 14:35:00

I want to convert it to Splunk readable time or an Unix time format so I can filter out the row between two certain date (between 14/06/2021 and 7/7/2021).

I have try

|inputlookup sample.csv
|eval time = strptime(Time,"%m/%d/%Y %I:%M:%S %p")
|table time

But it return "No result found".

How do I go about this? Or my strptime have any errors in formatting?

mayurr98 · ‎04-06-2022

Hi its because you are using wrong time format:

use this:

| eval time = strptime(Time,"%d/%m/%Y %H:%M:%S")

Accept/upvote if this helps!

PickleRick · ‎04-06-2022

Apparently either your lookup doesn't have field called Time or you gave wrong time format to strptime (which you did - there is no " %p" part in there for sure).

phamxuantung · ‎04-06-2022

My csv file do have a 'Time' field, and even when I change my eval to

eval time = strptime(Time, "%m/%d/%Y %H:%M:%S")

it still return nothing as show below.

yuanliu · ‎04-06-2022

Based on the sample data and screenshot, I am convinced that the first number is %d and the second is %m.

| eval time = strptime(Time, "%d/%m/%Y %H:%M:%S")

How to convert time from an upload csv to Splunk readable format

eval

table

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard

Are you a member of the Splunk Community?