Solved: Re: How to convert this string into a usable time ...

jperezes · ‎03-02-2017

Hi and thanks in advance,

I am trying to convert the following time example field:

2017-03-02T09:41:38.405Z

into a Splunk time format so I can get time windows to use in streamstats.
thing is with the T in the middle and the Z at the end, all the tries I am doing with strptime are failing.
I tried the following:

|eval time=strptime(timeValue,"%Y-%m-%dT%H:%M:%S.%3QZ")

but no luck, any idea?

Rgds,
Juan

woodcock · ‎03-02-2017

2017-03-02T09:41:38.405Z

Like this (The trailing Z is for Zulu, AKA GMT so you need to grab the TZ with %Z😞

| eval time=strptime(timeValue,"%Y-%m-%dT%H:%M:%S.%3N%Z")

View solution in original post

woodcock · ‎03-02-2017

2017-03-02T09:41:38.405Z

Like this (The trailing Z is for Zulu, AKA GMT so you need to grab the TZ with %Z😞

| eval time=strptime(timeValue,"%Y-%m-%dT%H:%M:%S.%3N%Z")

jperezes · ‎03-08-2017

Thanks, sorry for late reply but was trying bits and pieces but couldn't get what I wanted; get the streamstats based on next time specifiead in the json data, not the arrival time. So far no luck on all my tries, not sure if is possible. Will post another question.

Thanks anyway.

How to convert this string into a usable time format?

Index This | Forward, I’m heavy; backward, I’m not. What am I?

A Guide To Cloud Migration Success

Join Us for Splunk University and Get Your Bootcamp Game On!