Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Timezone- Could you please help me convert all the values to a standard  timezone(UTC)?

ranjithan
Path Finder
‎10-23-2022 07:27 AM

Hi Community,

Please help me..

I have a field Expiration with values having different timezones . Could you please help me convert all the values to a standard  timezone(UTC).  Any help would be appreciated.  Thanks in advance

Expiration

18:02:56 EDT Oct 5 2022
12:02:56 CDT Oct 5 2022
13:02:56 EDT Oct 5 2022
18:02:56 CDT Oct 5 2022
18:59:59 EST Nov 15 2022
19:59:59 EDT Oct 5 2022
17:02:56 UTC Oct 5 2022
18:59:59 CDT Oct 5 2022
Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-23-2022 07:44 AM

Hi @ranjithan,

you could extract the timezone from the field and then put in a lookup the convertion factor.

so create a lookup called timezone_convertion_factor.csv with two columns: timezone, convertion_factor like the following (in the real case, obviously put all the values that you can find in many sites as https://en.wikipedia.org/wiki/List_of_tz_database_time_zones😞

 

timezone convertion_factor
EDT -5
CDT -6
EST -5
UTC 0

 

 you could run something like this:

 

<your_search>
| eval timezone=strftime(Expiration,"%Z")
| lookup timezone_convertion_factor.csv timezone OUTPUT convertion_factor
| eval Expitarion_UTC=Expitarion+convertion_factor*3600
| table Expitarion_UTC

 

Ciao.

Giuseppe

 

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-23-2022 07:44 AM

Hi @ranjithan,

you could extract the timezone from the field and then put in a lookup the convertion factor.

so create a lookup called timezone_convertion_factor.csv with two columns: timezone, convertion_factor like the following (in the real case, obviously put all the values that you can find in many sites as https://en.wikipedia.org/wiki/List_of_tz_database_time_zones😞

 

timezone convertion_factor
EDT -5
CDT -6
EST -5
UTC 0

 

 you could run something like this:

 

<your_search>
| eval timezone=strftime(Expiration,"%Z")
| lookup timezone_convertion_factor.csv timezone OUTPUT convertion_factor
| eval Expitarion_UTC=Expitarion+convertion_factor*3600
| table Expitarion_UTC

 

Ciao.

Giuseppe

 

Reply
Solved! Jump to solution

ranjithan
Path Finder
‎10-23-2022 08:41 AM

Thank you so much   .    Also I just realised that using   %Z  with strptime automatically converts to epoch time from any time zone and this also can  standardise the time    for time calculations.  

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-23-2022 11:31 PM

HI @ranjithan,

if one answer solves your need, please accept one answer for the other people of Community or tell us how we can help you.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Solved! Jump to solution

ranjithan
Path Finder
‎10-24-2022 02:56 AM

Thanks again for your help! 

0 Karma
Reply
Get Updates on the Splunk Community!

Get ready to show some Splunk Certification swagger at .conf24!

Dive into the deep end of data by earning a Splunk Certification at .conf24. We're enticing you again this ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Now On-Demand Join us to learn more about how you can leverage Service Level Objectives (SLOs) and the new ...

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...