Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Timezone- Could you please help me convert all the values to a standard  timezone(UTC)?

ranjithan
Path Finder
‎10-23-2022 07:27 AM

Hi Community,

Please help me..

I have a field Expiration with values having different timezones . Could you please help me convert all the values to a standard  timezone(UTC).  Any help would be appreciated.  Thanks in advance

Expiration

18:02:56 EDT Oct 5 2022
12:02:56 CDT Oct 5 2022
13:02:56 EDT Oct 5 2022
18:02:56 CDT Oct 5 2022
18:59:59 EST Nov 15 2022
19:59:59 EDT Oct 5 2022
17:02:56 UTC Oct 5 2022
18:59:59 CDT Oct 5 2022
Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-23-2022 07:44 AM

Hi @ranjithan,

you could extract the timezone from the field and then put in a lookup the convertion factor.

so create a lookup called timezone_convertion_factor.csv with two columns: timezone, convertion_factor like the following (in the real case, obviously put all the values that you can find in many sites as https://en.wikipedia.org/wiki/List_of_tz_database_time_zones😞

 

timezone convertion_factor
EDT -5
CDT -6
EST -5
UTC 0

 

 you could run something like this:

 

<your_search>
| eval timezone=strftime(Expiration,"%Z")
| lookup timezone_convertion_factor.csv timezone OUTPUT convertion_factor
| eval Expitarion_UTC=Expitarion+convertion_factor*3600
| table Expitarion_UTC

 

Ciao.

Giuseppe

 

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-23-2022 07:44 AM

Hi @ranjithan,

you could extract the timezone from the field and then put in a lookup the convertion factor.

so create a lookup called timezone_convertion_factor.csv with two columns: timezone, convertion_factor like the following (in the real case, obviously put all the values that you can find in many sites as https://en.wikipedia.org/wiki/List_of_tz_database_time_zones😞

 

timezone convertion_factor
EDT -5
CDT -6
EST -5
UTC 0

 

 you could run something like this:

 

<your_search>
| eval timezone=strftime(Expiration,"%Z")
| lookup timezone_convertion_factor.csv timezone OUTPUT convertion_factor
| eval Expitarion_UTC=Expitarion+convertion_factor*3600
| table Expitarion_UTC

 

Ciao.

Giuseppe

 

Reply
Solved! Jump to solution

ranjithan
Path Finder
‎10-23-2022 08:41 AM

Thank you so much   .    Also I just realised that using   %Z  with strptime automatically converts to epoch time from any time zone and this also can  standardise the time    for time calculations.  

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-23-2022 11:31 PM

HI @ranjithan,

if one answer solves your need, please accept one answer for the other people of Community or tell us how we can help you.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Solved! Jump to solution

ranjithan
Path Finder
‎10-24-2022 02:56 AM

Thanks again for your help! 

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...