Hi, I wonder whether someone may be able to help me please.
I'm trying to change the "apiStartTime", which is in the following format 'Sat Mar 5 00:00:00 2016' (including the apostrophes), to an epoch time so I can perform some date calculations.
So I've been looking at the Splunk documentation [here][1], and I thought I'd understood the variables I need to use and then convert, and I put together the following:
|eval startTime=strptime(apiStartTime, "%a %m %d %H:%M:%S %Y")|convert timeformat="%d/%b/%Y" ctime(startTime)
Unfortunately, though, this isn't working, and I'm not sure why.
I just wondered whether someone could possibly look at this please and let me know where I've gone wrong.
Many thanks and kind regards
Chris
[1]: http://docs.splunk.com/Documentation/Splunk/6.1.2/SearchReference/Commontimeformatvariables