Solved: Re: time field extraction

krishnarajb2304 · ‎02-16-2017

How to extract the below data as time field,

2016-10-20 INFO ............................................................................ data|15 Feb '17| .............................
2016-10-20 INFO ............................................................................ data|16 Feb '17| .............................
2016-10-20 INFO ............................................................................ data|17 Feb '17| .............................

Extracted the _time field but, I need to extract the time field (myfield)....

myfield,
15 Feb '17
16 Feb '17
17 Feb '17

How to convert myfield to timestamp ?

vasanthmss · ‎02-16-2017

myfield is the string, epochvalue will have the epoch time. format will be %d %b '%y

your base search, | eval epochvalue=strptime(myfield,"%d %b '%y")

Read further on date variables & strptime https://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/Commontimeformatvariables

Sample:

|stats c | eval myfield="15 Feb '17" | eval epochvalue=strptime(myfield,"%d %b '%y")

V

View solution in original post

vasanthmss · ‎02-16-2017

myfield is the string, epochvalue will have the epoch time. format will be %d %b '%y

your base search, | eval epochvalue=strptime(myfield,"%d %b '%y")

Read further on date variables & strptime https://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/Commontimeformatvariables

Sample:

|stats c | eval myfield="15 Feb '17" | eval epochvalue=strptime(myfield,"%d %b '%y")

V

time field extraction

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!