Solved: Re: time field extraction

krishnarajb2304 · ‎02-16-2017

How to extract the below data as time field,

2016-10-20 INFO ............................................................................ data|15 Feb '17| .............................
2016-10-20 INFO ............................................................................ data|16 Feb '17| .............................
2016-10-20 INFO ............................................................................ data|17 Feb '17| .............................

Extracted the _time field but, I need to extract the time field (myfield)....

myfield,
15 Feb '17
16 Feb '17
17 Feb '17

How to convert myfield to timestamp ?

vasanthmss · ‎02-16-2017

myfield is the string, epochvalue will have the epoch time. format will be %d %b '%y

your base search, | eval epochvalue=strptime(myfield,"%d %b '%y")

Read further on date variables & strptime https://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/Commontimeformatvariables

Sample:

|stats c | eval myfield="15 Feb '17" | eval epochvalue=strptime(myfield,"%d %b '%y")

V

View solution in original post

vasanthmss · ‎02-16-2017

myfield is the string, epochvalue will have the epoch time. format will be %d %b '%y

your base search, | eval epochvalue=strptime(myfield,"%d %b '%y")

Read further on date variables & strptime https://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/Commontimeformatvariables

Sample:

|stats c | eval myfield="15 Feb '17" | eval epochvalue=strptime(myfield,"%d %b '%y")

V

time field extraction

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Join the Conversation