Solved: Can you help me format system time?

jip31 · ‎12-26-2018

hi,

I need to format SystemTime='2018-12-27T04:26:29.200782700Z' like this :
yy:mm:dd hh:mm

Could you help me please???

p_gurav · ‎12-27-2018

Try this:

| eval t=strptime(SystemTime, "%Y-%m-%dT%H:%M:%S.%9Q") | eval t1=strftime(t, "%Y-%m-%d %H:%M")

View solution in original post

p_gurav · ‎12-27-2018

Try this:

| eval t=strptime(SystemTime, "%Y-%m-%dT%H:%M:%S.%9Q") | eval t1=strftime(t, "%Y-%m-%d %H:%M")

View solution in original post

richgalloway · ‎12-27-2018

Don't forget the "%Z" in the strptime format string to pick up the time zone. Also, use "%y" for two-digit year.

You can also combine these commands into a single eval: | eval SystemTime=strftime(strptime(SystemTime, "%Y-%m-%dT%H:%M:%S.%9Q%Z"), "%y-%m-%d %H:%M")

---
If this reply helps you, an upvote would be appreciated.

jip31 · ‎12-27-2018

thanks
but i have forgotten to say this field which exact name is "TimeCreated SystemTime" is in an xml log
so how to extract this specific field and to format it in the same time please??

25043200x8000000000000000103251SystemTOTA302000

richgalloway · ‎12-28-2018

Use xpath or rex to extract the field. The formatting is the same.

---
If this reply helps you, an upvote would be appreciated.

jip31 · ‎12-29-2018

hi
I dont know how to do the rex....
you can see the logs here
https://cjoint.com/c/HLDpeThG7Qd

richgalloway · ‎12-31-2018

A copy-and-paste sample of the log is easier to work with than an image.

Try this rex command to extract the time field:

`... | rex "SystemTime='(?<SystemTime>[^']+)" | ...`

---
If this reply helps you, an upvote would be appreciated.

jip31 · ‎01-01-2019

thanks a lot

Can you help me format system time?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>