Issue with strptime and strftime

deepak312 · ‎09-19-2016

I have a time input like below,

Mon Jul 13 09:30:00 PDT 2015

| eval human_readable_time= strftime(strptime(my_time, "%a %b %d %H:%M:%S %Z %Y"), "%m/%d/%y")

This doesn't return me anything. Not sure what is wrong. Any idea?
Second approach, I have tried is,

| eval human_readable_time= strftime(my_time, "%+")

marina_rovira · ‎05-18-2017

HI there!

Have any of you two find a solution do this? I'm trying to get a time period for a call useing this:
eval final=(strptime(EndTime, "%a %b %d %H:%M:%S %Z%z %Y") | eval start=strptime(StartTime, "%a %b %d %H:%M:%S %Z%z %Y")

And then the rest between final-start, but I'm getting both fields empty. Any idea?

Thank you!

gcusello · ‎09-20-2016

I tried your transformation and the first one correctly works (the second one no).
could you share a log example?
I tried with the following search

index=* | head 1 | eval my_time="Mon Jul 13 09:30:00 PDT 2015" | eval human_readable_time=strftime(strptime(my_time,"%a %b %d %H:%M:%S %Z %Y"),"%m/%d/%y") | table _time human_readable_time

Bye.
Giuseppe

Issue with strptime and strftime

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

What’s New in Splunk Observability Cloud: January Feature Highlights & Deep Dives

Join the Conversation

Issue with strptime and strftime

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

What’s New in Splunk Observability Cloud: January Feature Highlights & Deep Dives