cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
nate_washburn
Engager
Member since: ‎12-20-2021
‎01-21-2022
Community Statistics
Posts 3
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎12-20-2021
Activity Feed
Topics I've Started
View All

Re: Date and time conversion

by in Splunk Search
‎01-21-2022 10:19 AM
‎01-21-2022 10:19 AM
Thanks @diogofgm  you got me started down the correct path.  With a little tweeking, here is what worked for me. | eval body.timestamp=strptime('body.timestamp',"%Y-%m-%dT%H:%M:%S.%7NZ") | convert timeformat="%Y-%m-%d %H:%M:%S" ctime(body.timestamp) as timestamp2 ... View more

Date and time conversion

by in Splunk Search
‎01-21-2022 08:51 AM
‎01-21-2022 08:51 AM
Hi, in my index I have a couple time fields that are returned via a simple search _time = 1/20/2022 1:38:55.000 PM (the Splunk-generated time) body.timestamp = 2022-01-20T21:38:45.7774493Z (the transaction time from our log) I am trying to format the time output with the convert function but can only get the first result to return. | convert timeformat="%Y-%m-%d %H:%M:%S" ctime(_time) AS timestamp = 2022-01-20 21:38:55 | convert timeformat="%Y-%m-%d %H:%M:%S" ctime(body.timestamp) AS timestamp2 = none Am I missing something for the second timestamp to be returned? Thanks! ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎01-21-2022 07:02 PM
Karma given to
View All