I have an extracted field from the raw data including time data like:
Now I want to convert this field like the _time field in Splunk.
How can I convert this?
Thanks a lot!
currentTimeField example - 16.09.23;11:05:11:652
considering _time as example - 2016-09-26 11:00
| eval finalTimeFormat = strftime(strptime(currentTimeField,"%y.%m.%d;%H:%M:%S:%3N"),"%Y-%m-%d %H:%M")