Splunk Search

How to convert Date and Time with timezone display?

mail2uharishp
Observer

Hi All,

My named group extracts the date-time field in the below format
E.g.: 21/Jan/2019 09:35:25 UTC

I would like to convert it to AEST format on the fly, and it should not show me the timezone details, rather than changing the prop file.

0 Karma
1 Solution

maityayan1996
Path Finder

Hi Harish, you can try it this way:
| eval "UTCepoch"= strptime(Date,"%d/%b/%Y %H:%M:%S %Z") , "AESTepoch"=(UTCepoch +36000) , "AESTdate"= strftime(AESTepoch,"%d/%b/%Y %H:%M:%S %Z")

In this way you will get the date format converted from UTC to AEST.
Here 36000 is the time gap between UTC and AEST in seconds.


0 Karma

jaxjohnny2000
Builder

Use this

Search... | eval "Local_Time"= strftime(_time,"%d/%b/%Y %H:%M:%S %Z")

0 Karma

jaxjohnny2000
Builder

Another option

| eval "Event_Time"= strftime(_time,"%m/%d/%Y %H:%M:%S %Z")

https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Commontimeformatvariables

0 Karma

woodcock
Esteemed Legend

Log in to Splunk, go to Your Login Name Here -> Preferences -> Time zone and pick your preferred presentation TZ. Then in your searches, on the Events tab, make sure that you select Table or List view (above the i). You will now have a separate Time (or _time) column that shows the TZ-adjusted time.

0 Karma

mail2uharishp
Observer

Hi Woodcock,

Thank you for your response; however, I was not preferring to change any preferences or prop file to get the desired outcome. I was looking to make the time change on the fly.

0 Karma


mail2uharishp
Observer

Hi Maityayan,

In the above eval function we have hardcoded a 36000-second addition to UTC time; however, during the daylight changes it will be made to 39600. Can I get to do that calculation dynamically?

Thanks,
Harish

0 Karma
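On the open question of computing the offset dynamically: the following is an added example, not part of any reply in this thread and not Splunk code. It is written in Python rather than SPL and shows how a timezone-database lookup yields 36000 or 39600 for each instant. The zone name `Australia/Sydney` is an assumption (a zone that observes daylight saving), and the sample timestamps other than the one in the question are constructed.

```python
from datetime import datetime, timezone
from zoneinfo import ZoneInfo

FMT = "%d/%b/%Y %H:%M:%S"               # layout from the question, minus the zone suffix
TARGET = ZoneInfo("Australia/Sydney")   # assumption: the DST-observing zone meant by "AEST"


def parse_utc(stamp: str) -> datetime:
    """Parse '21/Jan/2019 09:35:25 UTC' into a timezone-aware UTC datetime."""
    body, _, zone = stamp.rpartition(" ")
    if zone != "UTC":
        raise ValueError(f"expected a UTC timestamp, got zone {zone!r}")
    return datetime.strptime(body, FMT).replace(tzinfo=timezone.utc)


def offset_seconds(stamp: str) -> int:
    """Seconds to add to the UTC epoch for this instant: 36000 or 39600."""
    local = parse_utc(stamp).astimezone(TARGET)
    return int(local.utcoffset().total_seconds())


def to_local(stamp: str) -> str:
    """Local wall-clock time in the same layout, with no timezone details."""
    return parse_utc(stamp).astimezone(TARGET).strftime(FMT)


if __name__ == "__main__":
    samples = (
        "21/Jan/2019 09:35:25 UTC",   # from the question: falls in daylight saving time
        "21/Jul/2019 09:35:25 UTC",   # constructed: standard time
        "06/Apr/2019 15:59:59 UTC",   # constructed: last second before DST ends
        "06/Apr/2019 16:00:00 UTC",   # constructed: first second after DST ends
    )
    for s in samples:
        print(f"{s} -> {to_local(s)} (+{offset_seconds(s)}s)")
```

The two April samples are one second apart in UTC, yet the later one has the earlier local wall-clock time, so output without timezone details is ambiguous for one hour each year when events are correlated across sources.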