I'm trying to extract the date and time from the Winevent log when an unexpected shutdown has occurred (EventCode=6008).
The message in the event is below:
The previous system shutdown at 7:53:08 AM on 3/2/2016 was unexpected.
I created two extracted fields to capture the shutdown date and time respectively: shutdown date (3/2/2016) and shutdown time (7:53:08). The code below joins the two fields together and inputs them into the strptime function.
This function, however, doesn't return a value. However, if I pass a hardcoded value to strptime("3/2/2016 7:53:08 AM") it returns an epoch value. Can someone help? Thanks.
index=wineventlog EventCode=6008
| eval combo = shutdown_date + " " + shutdown_time
| eval otime = strptime(combo, "%m%d%Y%I:M:%S %p")
| table otime
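
An added example, not part of the original post: a self-contained search that pulls the date and time out of the 6008 message quoted above and compares the posted format string with one that mirrors the literal separators and AM/PM marker of the input. The `makeresults` event, the `rex` pattern and the field names `otime_posted`, `otime_fixed`, `parse_ok`, `readable` and `note` are assumptions made for illustration; here the extracted time field includes the AM/PM marker so that `%p` has something to match.

```spl
| makeresults
| eval note = "constructed sample event; a real search starts from index=wineventlog EventCode=6008"
| eval Message = "The previous system shutdown at 7:53:08 AM on 3/2/2016 was unexpected."
| rex field=Message "shutdown at (?<shutdown_time>\d{1,2}:\d{2}:\d{2} [AP]M) on (?<shutdown_date>\d{1,2}/\d{1,2}/\d{4})"
| eval combo = shutdown_date . " " . shutdown_time
| eval otime_posted = strptime(combo, "%m%d%Y%I:M:%S %p")
| eval otime_fixed = strptime(combo, "%m/%d/%Y %I:%M:%S %p")
| eval parse_ok = if(isnull(otime_fixed), "no", "yes")
| eval readable = strftime(otime_fixed, "%Y-%m-%d %H:%M:%S")
| table combo otime_posted otime_fixed parse_ok readable
```

`otime_posted` comes back empty because that format has no `/` or space separators and uses a literal `M` where `%M` is needed, while `otime_fixed` holds the epoch value and `readable` renders it back for a visual check.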