Splunk Search

How to convert the GMT timezone to EST timezone at search time?

abhi04
Communicator

Hi,

I have a field named "statusChanged" as shown below. I need to convert this (GMT) to EST . please help on the same.

statusChanged: 2018-10-17T15:29:32.000Z

0 Karma

abhi04
Communicator

eval EST_Time=strftime(strptime(statusChanged,"%Y-%m-%dT%H:%M:%S.%3N%Z"),"%Y-%m-%d %H:%M:%S")

0 Karma

somesoni2
SplunkTrust
SplunkTrust

There are no direct function available to do so , but you can try workarounds provided in this post: https://answers.splunk.com/answers/241917/timezone-conversion-function.html

abhi04
Communicator

@somesoni2 The below worked .

eval EST_Time=strftime(strptime(statusChanged,"%Y-%m-%dT%H:%M:%S.%3N%Z"),"%Y-%m-%d %H:%M:%S")

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...