Solved: Issue with strptime

sethinkbold · ‎05-05-2020

I am trying to convert a date / time into 24 hour format using strptime. Here's the example:
OpenedAt = 5/4/2019 9:04:46 PM

I convert it to epoch using the following statement:
eval new_time=strptime(OpenedAt,"%m/%d/%Y %H:%M:%S %p")

When I test it again, it still dosn't show in 24 hour format:
eval new_time2=strftime(new_time,"%m/%d/%Y %T")

05/04/2019 09:04:46

vnravikumar · ‎05-05-2020

Hi

Check this

| makeresults 
| eval date="5/4/2019 9:04:46 PM",new_date=strftime(strptime(date,"%d/%m/%Y %I:%M:%S %p"),"%d/%m/%Y %H:%M:%S")

View solution in original post

to4kawa · ‎05-05-2020

| makeresults 
| eval OpenedAt ="5/4/2019 9:04:46 PM" 
| eval new_time=strptime(OpenedAt,"%m/%d/%Y %I:%M:%S %p") 
| eval new_time2=strftime(new_time,"%m/%d/%Y %T")

see reference.
https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Commontimeformatvariables

vnravikumar · ‎05-05-2020

Hi

Check this

| makeresults 
| eval date="5/4/2019 9:04:46 PM",new_date=strftime(strptime(date,"%d/%m/%Y %I:%M:%S %p"),"%d/%m/%Y %H:%M:%S")

Issue with strptime

eval

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation