Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Convert Time with T and Z to Normal format

Ricco19
Loves-to-Learn
‎04-09-2024 08:32 AM

I have a timestamp with this format

"2024-01-01T20:00:00.190000000Z"

I can convert this to normal format using rex, however, I want to know is there a alternative to convert to normal time format?

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎04-09-2024 08:54 AM

There are many formats that someone would consider "normal".  Almost none of them require rex.  Use the strptime and strftime functions to convert one time format to another.

| eval ts = strftime(strptime(ts, "%Y-%m-%dT%H:%M:%S.%9N%Z"), "<<your 'normal' format>>")

 

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Get ready to show some Splunk Certification swagger at .conf24!

Dive into the deep end of data by earning a Splunk Certification at .conf24. We're enticing you again this ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Now On-Demand Join us to learn more about how you can leverage Service Level Objectives (SLOs) and the new ...

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...