trying to change the format of Timestamp within _Raw using Mask function
Hello , I am trying to change the format of Timestamp within _Raw using Mask function, Can you help to convert 2023-05-24T12:34:37.490Z into 05-24-2023 12:34:37 format. I do not want to create a sperate field for the converted time instead I want to see the changes with _Raw.
Best Answer
-
you don't need strptime/strftime at all for what you want to do
https://regex101.com/r/Z33GIv/1
that's all it takes
0
Answers
-
Current output
I tried this function to convert the string time to date format and then eventually converted it to String format but it does not replace the desired time string in the raw log. Could anyone please help?
Sample Date String in log which needs to be replaced with different format:
2023-05-24T12:34:37.490ZRegex:
(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{3}Z)Replace Expression:
C.Time.strftime(C.time.strptime(g1, "%Y-%m-%dT%H:%M:%S%LZ", false, false), "%m-%d-%Y %H:%M", false)0 -
cries over converting a perfectly fine timestamp into a terrible format
Are you aware you're losing the timezone information?
Also, create one capture group per "piece of information" in your Regex, e.g. put parentheses around the year, month, day etc seperately. Then you can just use those numbered groups in your replacement string
No need to do actual timestamp parsing and formatting
0 -
you don't need strptime/strftime at all for what you want to do
https://regex101.com/r/Z33GIv/1
that's all it takes
0 -
Yes, I got the solution by creating separate groups. Thanks a lot for the same.:) However, if the date needs to be converted from
2023-05-24T12:34:37.490ZtoSep 10 04:39:58then functions will be needed, right? can you please suggest how should I proceed in this case?Got the solution thanks for your assistance. Appreciated:slightly_smiling_face:.
final replace expression:
C.Time.strftime(C.Time.strptime(g1, "%Y-%m-%dT%H:%M:%S.%LZ"), "%b %d %H:%M:%S")0
