Re: how to convert a filename date to epoch time f...

OmarDee · ‎03-16-2015

stephane_cyrill · ‎03-17-2015

Hi,
Your question is not explicit but i will try to give you something.

use strftime(X, Y) :

This function takes an epochtime value, X, as the first argument and renders it as a string using the format
specified by Y for example :
... | eval n=strftime(_time, "%H:%M") here n content the values of the field _time but in term of hours and minutes only.

Use ctime(X)
This function Convert an epoch time to an ascii human readable time. Use timeformat option to specify exact format to convert to.

Example ... | convert timeformat="%H:%M:%S" ctime(_time) as timestr

So i think you can replace _time by your field that content your dates and for more types of time format you can take a look in
http://docs.splunk.com/Documentation/Splunk/6.2.2/SearchReference
in the section Common date and time format variables

tachifelix · ‎03-17-2015

for convert filename date to epoch time format try something like this
.....| convert timeformat="%m/%d/%Y:%H:%M:%S" ctime(date) as date
look more detail in search reference manuel

musskopf · ‎03-16-2015

Hmm could pls provide more details/example?

how to convert a filename date to epoch time format?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!