parseDate
The parseDate operator extracts a date or time from a string and provides a timestamp in milliseconds.
Syntax
parseDate(<strDate>, <dateFormat>)parseDate(<strDate>, <dateFormat>, <timeZone>)
Rules
strDatemust start with the characters to match with thedateFormatpattern. For example, "3/4/2005 other" but not "other 3/4/2005".dateFormatis a pattern string, such as "MM/dd/yyyy HH:mm:ss a". For
more details about specifying thedateFormatsee Timestamps, Time Zones, Time Ranges, and Date Formats.- If you do not supply
timeZone,the operator defaults to the time zone set in your preferences. For a list oftimeZonecodes, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. - A full list of the supported patterns can be found on Java's simpledateformat documentation.
Example
Given a log message such as:
instance of Win32_NTLogEvent
{
EventIdentifier = 100;
Logfile = "Application";
RecordNumber = 894528;
SourceName = "Bonjour Service";
TimeGenerated = "20170720000030.000000-000";
TimeWritten = "20170720000030.000000-000";
Type = "Error";
...
The following query returns TimeGenerated as a timestamp in milliseconds, in this example 1500534030000.
| parse "TimeGenerated = \"*.000000-000" as dd
| parseDate(dd, "yyyyMMddHHmmss") as milliseconds
To specify a time zone:
| parseDate(dd, "yyyyMMddHHmmss", "etc/utc") as milliseconds
See Also
- To convert an epoch timestamp in a human-readable format, use the
formatDateoperator. - Example Timestamps, Time Zones, Time Ranges, and Date Formats.