Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Convert Time with T and Z to Normal format

Ricco19
Loves-to-Learn
‎04-09-2024 08:32 AM

I have a timestamp with this format

"2024-01-01T20:00:00.190000000Z"

I can convert this to normal format using rex, however, I want to know is there a alternative to convert to normal time format?

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎04-09-2024 08:54 AM

There are many formats that someone would consider "normal".  Almost none of them require rex.  Use the strptime and strftime functions to convert one time format to another.

| eval ts = strftime(strptime(ts, "%Y-%m-%dT%H:%M:%S.%9N%Z"), "<<your 'normal' format>>")

 

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...

Modern way of developing distributed application using OTel

Recently, I had the opportunity to work on a complex microservice using Spring boot and Quarkus to develop a ...