Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Striftime Error or Settings questions

hyungjoon
New Member
‎12-17-2018 05:57 AM

For some reason when I have Time as below, and use (| eval SortingTime=strftime(SortingTime, " %H:%M:%S") I always get exactly 1more hour to what I should get.

alt text

So if I use | eval SortingTime=strftime(SortingTime, " %H:%M:%S") , I would get 01:23:39 instead of 00:23:39 and same goes for everytime I try to use strftime, I always get an extra hour

I have 2 accounts. one account seems to get the right strftime but the other one always adds an extra hour to strftime. Is there something wrong with my settings???

Tags (1)
Preview file
5 KB
0 Karma
Reply

harsmarvania57
Ultra Champion
‎12-17-2018 06:05 AM

Do you have timezone specified for account in which you are getting +1 hour ?

Or try below query

<yourBaseSearch>
| eval SortingTime=tostring(SortingTime, "duration")
0 Karma
Reply

hyungjoon
New Member
‎12-17-2018 07:55 AM

yes I have timezone specified for both account but they are specified to the same timezone. I don't know why one would give me +1 hour while the other won't. Is there anyway I can fix this?

0 Karma
Reply

harsmarvania57
Ultra Champion
‎12-17-2018 08:56 AM

If you would like to convert 1419.000000 into Duration then you need to use | eval SortingTime=tostring(SortingTime, "duration")

0 Karma
Reply

harsmarvania57
Ultra Champion
‎12-17-2018 08:55 AM

If you would like to convert 1419.000000 into Duration then you need to use | eval SortingTime=tostring(SortingTime, "duration")

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...