How to Convert the Time in a Desired Format Using SPLUNK
Suppose we have a field in Splunk that holds a time value, and we want to convert that field to a desired format.
This conversion is easy to do. The query is given below.
QUERY
index="nissan" sourcetype="csv"
| table Opened
| eval EpochOpened=strptime(Opened,"%m/%d/%Y %H:%M")
| eval DesiredOpened=strftime(EpochOpened,"%d-%+")
| fields - Epoch*
Result:
Explanation:
In the above query, “Opened” is an existing field in the “nissan” index, and the sourcetype name is “csv”.
First, we select the “Opened” field with the “table” command. Then we use the “strptime” function with the “eval” command to convert the time string into epoch time, and store that epoch time in the “EpochOpened” field. After that, we use another function, “strftime”, with the “eval” command to format the “EpochOpened” field into our desired format. Finally, we use the “fields” command to exclude the “EpochOpened” field from the result set.
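The same strptime/strftime round trip as a self-contained search, added here as an example that is not part of the original post. It uses makeresults with constructed sample values instead of the “nissan” index; the target format %Y-%m-%d %H:%M:%S and the ParseStatus field are assumptions chosen for illustration. It also marks values that do not match the input format, for which strptime returns null.

```spl
| makeresults
| eval Opened=split("03/15/2021 09:30;12/01/2020 23:05;not a date", ";")
| mvexpand Opened
| eval EpochOpened=strptime(Opened, "%m/%d/%Y %H:%M")
| eval ParseStatus=if(isnull(EpochOpened), "unparsed", "ok")
| eval DesiredOpened=strftime(EpochOpened, "%Y-%m-%d %H:%M:%S")
| table Opened DesiredOpened ParseStatus
```

Rows with ParseStatus set to "unparsed" have an empty DesiredOpened, so they can be reviewed separately instead of silently dropping out of a timeline.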
Hope this has helped you achieve the requirement below without fail:
How to Convert the Time in a Desired Format Using SPLUNK
Happy Splunking !!