Splunk Search

How to get current GMT time?

Sundried
Explorer

I have a search:

search | eval difference=now() - strptime(createdDate,"%Y-%m-%d %H:%M:%S.%3N")

This works, except the createdDate field from my results is in GMT+0, whilst I'm in GMT+10, so there's 10 hours added to every result. I was going to just do a -36000 band-aid fix, but after daylight savings this would break.

How can I get current GMT time?

1 Solution

to4kawa
Ultra Champion
| makeresults
| eval time=strftime(_time,"%FT%T %:::z")
| eval offset = substr(time,21,23)
| eval time_args = if( -1 * offset >= 0, "+".substr(offset,2,3), printf("%03d",-1 * offset))
| eval GMT = ceil(relative_time(_time,time_args."h"))
| convert ctime(GMT)

now() returns epoch time (UTC). Try my logic (change _time to now()).


niketn
Legend

@Sundried try the following SPL

| eval createdDate=strptime(strftime(createdDate,"%Y-%m-%d %H:%M:%S.%3N")."+0000","%Y-%m-%d %H:%M:%S.%3N%z")

Following is a run-anywhere example:

| makeresults
| eval currentTimeInGMT=strptime(strftime(now(),"%Y-%m-%d %H:%M:%S.%3N")."+0000","%Y-%m-%d %H:%M:%S.%3N%z")
| fieldformat currentTimeInGMT=strftime(currentTimeInGMT,"%Y-%m-%d %H:%M:%S.%3N")
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

Sundried
Explorer

@niketn 

This doesn't seem to get the current GMT time. At least not for me. I had to change the "+0000" to "+2000". In this case, won't it still fail after daylight savings?

0 Karma

Sundried
Explorer

@to4kawa it works, thanks!

0 Karma

harsmarvania57
Ultra Champion

Change the timezone setting in your user profile to GMT.

0 Karma
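
Added example, not code from any post in this thread: appending an explicit " +0000" to createdDate and parsing it with %z makes strptime read the string as UTC whatever the searching user's time zone, so the subtraction from now() needs no manual offset. The two createdDate values are constructed sample data, and created_local_parse, created_utc_parse and parse_skew_seconds are field names chosen for this illustration.

```spl
| makeresults
| eval createdDate=split("2020-01-15 03:00:00.000,2020-07-15 03:00:00.000", ",")
| mvexpand createdDate
| eval created_local_parse=strptime(createdDate, "%Y-%m-%d %H:%M:%S.%3N")
| eval created_utc_parse=strptime(createdDate." +0000", "%Y-%m-%d %H:%M:%S.%3N %z")
| eval parse_skew_seconds=created_local_parse - created_utc_parse
| eval difference=now() - created_utc_parse
| table createdDate parse_skew_seconds difference
```

parse_skew_seconds is the error the timezone-less parse introduces: it equals the negative of the user's UTC offset on that date, so in a zone with daylight saving it differs between the January and July rows, which is why a fixed -36000 correction does not hold all year.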