Solved: Re: time field extraction

krishnarajb2304 · ‎02-16-2017

How to extract the below data as time field,

2016-10-20 INFO ............................................................................ data|15 Feb '17| .............................
2016-10-20 INFO ............................................................................ data|16 Feb '17| .............................
2016-10-20 INFO ............................................................................ data|17 Feb '17| .............................

Extracted the _time field but, I need to extract the time field (myfield)....

myfield,
15 Feb '17
16 Feb '17
17 Feb '17

How to convert myfield to timestamp ?

vasanthmss · ‎02-16-2017

myfield is the string, epochvalue will have the epoch time. format will be %d %b '%y

your base search, | eval epochvalue=strptime(myfield,"%d %b '%y")

Read further on date variables & strptime https://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/Commontimeformatvariables

Sample:

|stats c | eval myfield="15 Feb '17" | eval epochvalue=strptime(myfield,"%d %b '%y")

V

View solution in original post

vasanthmss · ‎02-16-2017

myfield is the string, epochvalue will have the epoch time. format will be %d %b '%y

your base search, | eval epochvalue=strptime(myfield,"%d %b '%y")

Read further on date variables & strptime https://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/Commontimeformatvariables

Sample:

|stats c | eval myfield="15 Feb '17" | eval epochvalue=strptime(myfield,"%d %b '%y")

V

time field extraction

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Monitoring AI Agents with Splunk Observability Cloud

Join the Conversation