Solved: Re: time command

shreyasamin64 · ‎12-14-2021

need help on using command strptime/strftime

EX: input: December 7, 2021 1:00:01 PM

output: 12/1/2021 13:00:01

ITWhisperer · ‎12-14-2021

| eval output=strftime(strptime(input,"%B %d, %Y %I:%M:%S %p"),"%m/%d/%Y %H:%M:%S")

View solution in original post

isoutamo · ‎12-14-2021

Hi

I didn't found formatter where day was without leading space so if this is really what you are wanting, you could try this.

| makeresults
| eval time1 = "December 7, 2021 1:00:01 PM"
| eval time2 = strptime(time1, "%B %e, %Y %I:%M:%S %p")
| eval time3 = strftime(time2, "%m/%e/%Y %H:%M:%S")
| rex field=time3 mode=sed "s,/\s(\d+)/,/\1/,g"
| table time1 time3

If you can accept leading zero then just change later %e -> %d and forget rex.

r. Ismo

https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Commontimeformatvariables

ITWhisperer · ‎12-14-2021

| eval output=strftime(strptime(input,"%B %d, %Y %I:%M:%S %p"),"%m/%d/%Y %H:%M:%S")

time command

timechart

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

Join the Conversation