Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Strptime bug?

ARothman
Path Finder
‎11-07-2012 08:44 AM

Has anyone else noticed that strptime does not work in the following situation?

VersionExpiry has a value of 9999-01-01 00:00:00 (or with any year greater than 2999)

eval VersionExpiryEpoch=strptime(VersionExpiry, "%Y-%m-%d %H:%M:%S")

Field "VersionExpiryEpoch" is never created

Does anyone have any workaround ideas to force Splunk in recognizing that existence may, in fact, continue past the year 2999? 😉

The raw data Splunk is receiving is indicating that the version, as of this moment, does not have an expiration date... hence the year 9999. I could, easily, hardcode it in the query that a value of 9999-01-01 00:00:00 means that the version is up to date, but I'd prefer that the function worked correctly.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dart
Splunk Employee
Splunk Employee
‎11-08-2012 08:33 AM

If you just need it to work on that specific far future date, then you could do something like this:

search goes here | eval VersionExpiryEpoch = coalesce(strptime(VersionExpiry, "%Y-%m-%d %H:%M:%S"), 253370786400)

View solution in original post

Reply
Solved! Jump to solution
Solution

dart
Splunk Employee
Splunk Employee
‎11-08-2012 08:33 AM

If you just need it to work on that specific far future date, then you could do something like this:

search goes here | eval VersionExpiryEpoch = coalesce(strptime(VersionExpiry, "%Y-%m-%d %H:%M:%S"), 253370786400)

Reply
Solved! Jump to solution

ARothman
Path Finder
‎11-08-2012 09:34 AM

Seems to have done the trick - thanks.

0 Karma
Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...