Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Time format

shugup2923
Path Finder
‎08-25-2021 01:36 AM

I have time field which have values such as 9AM-10PM, 10:00AM-11:00PM, I want to change 9AM-10PM to 9:00AM-10:00 PM, to normalize field in sameformat.

I tired strftime(strptime(time_field,"%H%p-%H%p"),"%H:%M%p-%H%:%M%p") 

But its not working, I also tried convert() and fieldformat but no luck. Any idea how can I achieve this ?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

manjunathmeti
Champion
‎08-25-2021 01:52 AM

hi @shugup2923,

You can use replace function.

| eval time=if(like(time, "%:00%"), time, replace(replace(time, "AM", ":00AM"), "PM", ":00PM"))

View solution in original post

Reply
Solved! Jump to solution

shugup2923
Path Finder
‎08-25-2021 02:31 AM

| eval timing=case(Match(timing, "\d*:\d*\w*-\d*:\d*\w*"), timing,Match(timing, "\d*:\d*\w*-\d*\w*"), replace(timing,"PM",":00PM"),Match(timing, "\d*\w*-\d*:\d*\w*"), replace(timing,"AM",":00AM"),true(), replace(replace(timing, "AM", ":00AM"), "PM", ":00PM"))

0 Karma
Reply
Solved! Jump to solution

shugup2923
Path Finder
‎08-25-2021 02:25 AM

Perfect this worked, just I did small modification - used match instead of like as there are some other values as well. Approach is very useful

0 Karma
Reply
Solved! Jump to solution
Solution

manjunathmeti
Champion
‎08-25-2021 01:52 AM

hi @shugup2923,

You can use replace function.

| eval time=if(like(time, "%:00%"), time, replace(replace(time, "AM", ":00AM"), "PM", ":00PM"))
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...