Convert non timestamp time to Epoch

Scenario:
You have a non timestamp field that you need to convert to epoch time to perform statistics on within splunk.

Here’s how you do it:

your search goes here |eval Epoch_Time=strptime(Field_Date, "%Y-%m-%d %H:%M:%S")
Share This:

Leave A Comment?