Skip to main content
Sumo Logic

parseDate

The parseDate operator extracts a date or time from a string and converts it to an integer number of seconds.

Syntax

parseDate(strDate, dateFormat)

parseDate(strDate, dateFormat, timeZone)

The parseDate operator returns an epoch timestamp, such as 1501075510.

If you do not supply timeZone, the date returned is Pacific Standard Time (PST).  For a list of timezone codes, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones.

Rules

  • strDate must start with the characters to match with the dateFormat pattern. For example, "3/4/2005 other" but not "other 3/4/2005".
  • dateFormat is a pattern string, such as "MM/dd/yyyy HH:mm:ss a".
    Pattern Description Range
    a am/pm AM, PM
    dd Day of month 1-31
    HH Hour 0-23
    hh Hour 1-12
    MM Month 1-12
    mm Minutes 1-59
    ss Seconds 1-59
    yy Year e.g., 17
    yyyy Year e.g., 2017

Example

Given a log message such as:

instance of Win32_NTLogEvent
{
	EventIdentifier = 100;
	Logfile = "Application";
	RecordNumber = 894528;
	SourceName = "Bonjour Service";
	TimeGenerated = "20170720000030.000000-000";
	TimeWritten = "20170720000030.000000-000";
	Type = "Error";
    ...

The following query returns TimeGenerated as an epoch timestamp, in this example 1500534030000.

| parse "TimeGenerated = \"*.000000-000" as dd
| parseDate(dd, "yyyyMMddHHmmss") as epoch

See Also

To convert an epoch timestamp for human view, use the formatDate operator.