Splunk ITSI
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Have problem with my timestamp format

jcvytla
New Member
‎04-04-2018 12:34 PM

I'm trying to do forecasting on hourly data. I'm getting error , even though I change my time format. need help in converting "3/5/2018 0:49" into unix time stamp.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

adonio
Ultra Champion
‎04-04-2018 12:40 PM

try this:

| makeresults count=1 | eval time = "3/5/2018 0:49"
| eval in_epoch = strptime(time, "%m/%d/%Y %H:%M")

hope it helps

View solution in original post

0 Karma
Reply
Solved! Jump to solution

lsnow_splunk
Splunk Employee
Splunk Employee
‎04-04-2018 12:48 PM

Hi, @jcvytla-

Check out the "convert" command. The syntax for your case would look something like

convert timeformat=%m/%d/%Y %H:%M mktime(existing_time_field) AS epoch_time

but double check the time format if it doesn't seem to be working for you - the lack of leading zeroes in your timestamp might mean that you have to tweak that.

0 Karma
Reply
Solved! Jump to solution
Solution

adonio
Ultra Champion
‎04-04-2018 12:40 PM

try this:

| makeresults count=1 | eval time = "3/5/2018 0:49"
| eval in_epoch = strptime(time, "%m/%d/%Y %H:%M")

hope it helps

0 Karma
Reply
Solved! Jump to solution

jcvytla
New Member
‎04-04-2018 12:47 PM

Could you please help me with time chart for the same time format?

Thanks in advance

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎04-04-2018 12:50 PM

for timechart youll need to convert your time to the field _time
same thing, and now you can | timechart ... as foo | predict foo

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...