Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Convert timestamp from BST to EDT

davidcraven02
Communicator
‎06-13-2018 02:13 AM

My approach was to subtract 5 hours (18000 seconds) from the timestamp but when using the below line I get no results.

| eval timestamp =  timestamp - 18000

Full Query without subtraction

index=duo extracted_eventtype=authentication integration="Microsoft RDP" username=*
| eval Time=strftime(timestamp, "%H:%M") 
| eval day=strftime(timestamp, "%Y-%m-%d") 
| stats earliest(Time) by day, username  
| rename earliest(Time) as LogonTime 
| table username, day, LogonTime  
| sort username

I included the timestamp in the table to show its format.
alt text

Preview file
15 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

renjith_nair
Legend
‎06-13-2018 02:28 AM

Try the substraction with the original time fields "_time" or convert it using strptime

     | eval BST_Time= _time - 18000

or use the relative_time function

|eval BST_Time=relative_time(_time,"-5h")
---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

Reply
Solved! Jump to solution
Solution

renjith_nair
Legend
‎06-13-2018 02:28 AM

Try the substraction with the original time fields "_time" or convert it using strptime

     | eval BST_Time= _time - 18000

or use the relative_time function

|eval BST_Time=relative_time(_time,"-5h")
---
What goes around comes around. If it helps, hit it with Karma 🙂
Reply
Solved! Jump to solution

davidcraven02
Communicator
‎06-13-2018 03:39 AM

Thank you this worked.

0 Karma
Reply
Get Updates on the Splunk Community!

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...