All Apps and Add-ons

How convert a time field from %Y%m%d%H%M%S.0Z to a human readable format?

darlas
Communicator

After upgrading Active Directory Add-on to pull ldap data, the date fields are coming in a strange format which I cannot figure out how to convert.

The format is %Y%m%d%H%M%S.0Z

For example: 20140402220534.0Z

I assume the .0Z part is a timezone reference.

Anyhow, I'm trying to convert/display it in a human readable way, but cannot figure it out.

Any ideas?

0 Karma
1 Solution

MuS
Legend

Hi darlas,

probably there is a better way to do this, but if you take your date string and strptime first and strftime after you get something like this 2014-04-02 22:05:34. Here is the search to get there (the first line is only to create the date string):

| gentimes start=-1 | eval myTime="20140402220534" 
| eval HumanTime=strptime(myTime, "%Y%m%d%H%M%S") 
| eval HumanTime2=strftime(HumanTime, "%Y-%m-%d %H:%M:%S") 
| table myTime HumanTime HumanTime2

BTW the .0Z means UTC.

Hope this helps ...

cheers, MuS

View solution in original post

MuS
Legend

Hi darlas,

probably there is a better way to do this, but if you take your date string and strptime first and strftime after you get something like this 2014-04-02 22:05:34. Here is the search to get there (the first line is only to create the date string):

| gentimes start=-1 | eval myTime="20140402220534" 
| eval HumanTime=strptime(myTime, "%Y%m%d%H%M%S") 
| eval HumanTime2=strftime(HumanTime, "%Y-%m-%d %H:%M:%S") 
| table myTime HumanTime HumanTime2

BTW the .0Z means UTC.

Hope this helps ...

cheers, MuS

darlas
Communicator

You are my HERO !

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...