×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
timbitsandbytes
Engager
Member since: ‎01-18-2013
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎01-18-2013
Activity Feed
View All

Re: Difficult date time conversion

by in Splunk Search
‎01-21-2013 07:11 AM
‎01-21-2013 07:11 AM
I see - I would not have caught that. But your sed/regex works great. Thanks very much! ... View more

Re: Difficult date time conversion

by in Splunk Search
‎01-18-2013 10:26 AM
‎01-18-2013 10:26 AM
Yes, thanks. Unfortunately when I copied the search string (on a network that doesn't have access to the Internet) I miscopied it. It's been corrected above. ... View more

Difficult date time conversion

by in Splunk Search
‎01-18-2013 09:38 AM
‎01-18-2013 09:38 AM
Well it's a difficult conversion for me, anyway. Here's the field: dateTime=Fri Jan 18 17:11:55 GMT+00:00 2013 I want to convert it to seconds since the epoch so I can do a date comparison. I don't think there's a way for Splunk to recognize the tz offset as "+00:00" so first I transform that to "+0000". eval dtFormatted=replace(dateTime, ":", "") | eval dtSeconds=strptime(dtFormatted, "%a %b %d %H%M%S %Z%:z %Y") In my search results "dtFormatted" is discovered and I've verified it's properly formatted but "dtSeconds" is not discovered. What am I doing wrong? Why can't I convert this string to seconds? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All