Re: Time extraction from string?

asifhj · ‎04-20-2014

I have following values in a field

+000 00:00:00.00

+000 00:00:00.03

+000 00:00:43.18

+000 00:00:20.69

+000 00:00:00.04

+000 00:00:00.01

+000 00:00:00.03

I tried the following query to extract

...| eval t = strftime(strptime(CPU_USED,"+%3N %T.%Q"),"%3N %T.%Q") | table t, CPU_USED

I am getting the output as follows

000 00:00:00.000

000 00:00:43.000

000 00:00:20.000

000 00:00:00.000

As u can see I am unable to get the last two digits basically they are milliseconds.

And suggestions?

Regards

Asif J.

adityapavan18 · ‎04-21-2014

So i guess splunk timestamp processor is confused..use only one and hopefully it should work

Time extraction from string?