Experts,
The time of the log is appended to my source file name. I want it converted into a human-readable format, and I prefer assigning it to a field, let's say new_time. Hope you can help me.
Sample file name
...... 20130124 ......... file.txt
...... 20121229.......... file.txt
Thanks
Katrine
First, extract the date from the source.
source=*mysource* | rex field=source "(?<_date_>\d{8})" | table _date_
see http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Rex
Second, convert the date using your format of choice.
mysearch | convert timeformat="%Y%m%d" mktime(_date_) AS date | convert timeformat="%Y-%m-%d" ctime(date)
see http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Convert
I have the same query, but I don't want it in readable format, as I am using this time for sorting my field entries.
How to convert the date in the above format to epoch time?
201303140216
yyyymmddHHMM
Here the hour and minute are on a 12-hour clock, so the time may be 02:16PM.
Tried converting it using
time=strptime(mytime,"%Y%m%d%I%M")
It does not seem to be working properly.
Please help.
What did you try exactly?
The date is in the format yyyymmdd, so the output should be 24-01-2013, but the result obtained is something else. Tried changing the time/date variables.
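A search covering both questions in this thread, added here as an example and not taken from any of the posts: it extracts the eight-digit date from `source`, parses it with `strptime` into epoch seconds for sorting, and writes a `dd-mm-yyyy` display copy with `strftime`. The `/constructed/sample/` paths and the field names `file_date`, `file_epoch`, `new_time`, `sort_epoch` and `sort_check` are constructed for illustration; `mytime` is the value quoted in the thread. The appended `PM` is an assumption, because a 12-hour stamp that carries no AM/PM marker cannot be resolved from the string alone and `%I` needs `%p` to be unambiguous.

```spl
| makeresults count=2
| streamstats count AS n
| eval source=if(n=1, "/constructed/sample/app_20130124_file.txt", "/constructed/sample/app_20121229_file.txt")
| rex field=source "(?<file_date>\d{8})"
| eval file_epoch=strptime(file_date, "%Y%m%d")
| eval new_time=strftime(file_epoch, "%d-%m-%Y")
| eval mytime="201303140216"
| eval sort_epoch=strptime(mytime."PM", "%Y%m%d%I%M%p")
| eval sort_check=strftime(sort_epoch, "%Y-%m-%d %H:%M")
| sort 0 file_epoch
| table source file_date file_epoch new_time mytime sort_epoch sort_check
```

Sort on `file_epoch` rather than `new_time`, because a `dd-mm-yyyy` string does not sort chronologically.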