How to Convert the Time in a Desired Format Using SPLUNK


Suppose we have a field in SPLUNK that holds a time value, and we want to convert that field to a desired format.

This conversion is straightforward. The query is given below.

QUERY

index="nissan" sourcetype="csv"
| table Opened
| eval EpochOpened=strptime(Opened,"%m/%d/%Y %H:%M")
| eval DesiredOpened=strftime(EpochOpened,"%d-%+")
| fields - Epoch*

 


 

Explanation:

In the above query, "Opened" is an existing field in the "nissan" index, and the sourcetype name is "csv".

First, the "table" command selects the "Opened" field. Next, the "strptime" function, used with the "eval" command, converts the time string into epoch time and stores it in the "EpochOpened" field. Then another function, "strftime", used with the "eval" command, formats the "EpochOpened" field into our desired format and stores the result in "DesiredOpened". Finally, the "fields" command excludes the "EpochOpened" field from the result set.
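The same conversion as an added example (not part of the original post) that runs without the "nissan" index: "makeresults" generates constructed sample values for "Opened", two of which deliberately do not match the input format. The "ParseStatus" field and the "%Y-%m-%d %H:%M" output format are assumptions chosen for illustration; "strptime" returns null for a value it cannot parse, so the check keeps bad timestamps visible instead of silently blank.

```spl
| makeresults
| eval Opened=split("07/18/2019 09:30;12/01/2019 23:05;2019-07-18T09:30:00;not a date", ";")
| mvexpand Opened
| eval EpochOpened=strptime(Opened, "%m/%d/%Y %H:%M")
| eval ParseStatus=if(isnull(EpochOpened), "unparsed", "ok")
| eval DesiredOpened=if(isnull(EpochOpened), null(), strftime(EpochOpened, "%Y-%m-%d %H:%M"))
| fields - Epoch*
| table Opened ParseStatus DesiredOpened
```

Filtering on ParseStatus="unparsed" lists the source values whose format differs from the one given to "strptime".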

Hope this has helped you achieve the following requirement without fail:

How to Convert the Time in a Desired Format Using SPLUNK

Happy Splunking!!

 
