Solved: Unable to eval correct epoch time

smuderasi · ‎08-22-2017

host=*****|  eval Time="17:00:00"|eval Time2="13:00:00" |eval Time=strptime(Time,"%H:%M:%S")  |eval Time2=strptime(Time2,"%H:%M:%S")  | table Time Time2

is giving the epoch time as
Time :1503327600.000000

Time2 :1503399600.000000

when I do a comparison of Time>Time2 is returning wrong result since the epoch is Time2 is greater.
Please help.

cmerriman · ‎08-22-2017

try using |convert dur2sec(Time) as Time timeformat="%H:%M:%S" and the same for Time2 instead of strptime.
https://docs.splunk.com/Documentation/SplunkCloud/6.6.1/SearchReference/Convert

View solution in original post

cmerriman · ‎08-22-2017

try using |convert dur2sec(Time) as Time timeformat="%H:%M:%S" and the same for Time2 instead of strptime.
https://docs.splunk.com/Documentation/SplunkCloud/6.6.1/SearchReference/Convert

smuderasi · ‎08-22-2017

thanks this worked

Unable to eval correct epoch time

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Are you a member of the Splunk Community?

Unable to eval correct epoch time

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025