Skip to main content
Sumo Logic

parseDate

The parseDate operator extracts a date or time from a string and converts it to an integer number of seconds.

Syntax

parseDate(strDate, dateFormat)

parseDate(strDate, dateFormat, timeZone)

The parseDate operator returns an epoch timestamp, such as 1501075510.

Rules

  • strDate must start with the characters to match with the dateFormat pattern. For example, "3/4/2005 other" but not "other 3/4/2005".
  • dateFormat is a pattern string, such as "MM/dd/yyyy HH:mm:ss a".
    Pattern Description Range
    a am/pm AM, PM
    dd Day of month 1-31
    HH Hour 0-23
    hh Hour 1-12
    MM Month 1-12
    mm Minutes 1-59
    ss Seconds 1-59
    yy Year e.g., 17
    yyyy Year e.g., 2017

Example

Given a log message such as:

instance of Win32_NTLogEvent
{
	EventIdentifier = 100;
	Logfile = "Application";
	RecordNumber = 894528;
	SourceName = "Bonjour Service";
	TimeGenerated = "20170720000030.000000-000";
	TimeWritten = "20170720000030.000000-000";
	Type = "Error";
    ...

The following query returns TimeGenerated as an epoch timestamp, in this example 1500534030000.

| parse "TimeGenerated = \"*.000000-000" as dd
| parseDate(dd, "yyyyMMddHHmmss") as epoch

See Also

To convert epoch timestamps to millis, use the toMillis operator, as described here.

To convert an epoch timestamp for human view, use the formatDate operator.