Solved: Need help in some time conversion

jerinvarghese · ‎02-28-2020

HI all,

Need help in getting below code adjust to get the value as expected.

index=nw_syslog "DDOS_PROTOCOL_VIOLATION_SET" AND ( "*USDAL*" OR "*USEMC*" OR "*NLACO*" OR "*SGPNH*" OR "*USHCO*" OR "*INMCO*" OR "*CACCO*" OR "*CATRC*" OR "*GBLHD*") ARP
 | stats  latest(_time) as Time_CST count by hostname
  | sort - Time_CST
 | fieldformat Time_CST=strftime(Time_CST,"%x %X")

Current Output

hostname    Time_CST    count
USEMCPOD07-DCNPS3003    02/28/20 06:41:37   3
USEMCPOD07-DCNPS3001    02/28/20 06:41:36   3
USEMCPOD07-DCNPS3002    02/28/20 06:41:36   3
USEMCPOD07-DCNPS3004    02/28/20 06:41:36   2

Expected output.: minus the second.

hostname    Time_CST    count
USEMCPOD07-DCNPS3003    02/28/20 06:41  3
USEMCPOD07-DCNPS3001    02/28/20 06:41  3
USEMCPOD07-DCNPS3002    02/28/20 06:41  3
USEMCPOD07-DCNPS3004    02/28/20 06:41  2

nickhills · ‎02-28-2020

Hi @jerinvarghese

Use:
strftime(Time_CST,"%m/%d/%y %H:%M")

If my comment helps, please give it a thumbs up!

View solution in original post

nickhills · ‎02-28-2020

Hi @jerinvarghese

Use:
strftime(Time_CST,"%m/%d/%y %H:%M")

If my comment helps, please give it a thumbs up!

jerinvarghese · ‎02-28-2020

thanks so much, that worked..

Need help in some time conversion

Splunk Platform | Upgrading your Splunk Deployment to Python 3.9

From Product Design to User Insights: Boosting App Developer Identity on Splunkbase

Detect and Resolve Issues in a Kubernetes Environment