Solved: Problem with strptime() when date is earlier than ...

manus · ‎08-15-2014

|eval DateMeasured="1900-01-01"

|eval DateMeasured=strftime(strptime(DateMeasured,"%Y-%m-%d"),"%d/%m/%Y")

Returns nothing. And I think it's because the date is before 1rst jan 1970.

Does somebody know how to make this work?

somesoni2 · ‎08-15-2014

Try this workaround.

|eval DateMeasured="1900-01-01" | eval DateMeasured=replace(DateMeasured,"^(\d{4})-(\d{1,2})-(\d{1,2})", "\3/\2/\1")

somesoni2 · ‎08-15-2014

Try this workaround.

|eval DateMeasured="1900-01-01" | eval DateMeasured=replace(DateMeasured,"^(\d{4})-(\d{1,2})-(\d{1,2})", "\3/\2/\1")

manus · ‎08-15-2014

Yes, that works!

manus · ‎08-15-2014

As my question implied, I wanted to re-format it.
Thank you very much for the quick answer.

somesoni2 · ‎08-15-2014

Splunk only support date with epoch value greater than 0 (which is 01 Jan 1970 00:00:00 UTC). What do you intend to do with dates older than 1970?

Problem with strptime() when date is earlier than 1970