todatetime function to convert various data types to a datetime value. This is helpful when you need to normalize date and time values from different formats or sources into a standard datetime format for comparison, filtering, or time-based analysis.
You typically use todatetime when working with date strings, timestamps, or other time representations that need to be converted to datetime format for time-based operations.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.Splunk SPL users
Splunk SPL users
In Splunk, you use
strptime or strftime functions to parse date strings, or eval with time functions. In APL, todatetime provides a direct conversion function that handles various date and time formats.ANSI SQL users
ANSI SQL users
In standard SQL, you use
CAST(... AS DATETIME) or TO_DATE functions to convert strings to datetime. In APL, todatetime provides a simpler way to convert various types to datetime values.Usage
Syntax
Parameters
| Name | Type | Description |
|---|---|---|
| value | dynamic | The value to convert to datetime. |
Returns
If the conversion is successful, the result is a datetime value. If the conversion isn’t successful, the result isnull.
Conversion behavior
Thetodatetime function converts values based on their type:
- Integer/Float: Assumed to be nanoseconds since epoch.
- String: Parsed using the
dateparsepackage, which accepts many common date and time formats. See the upstream examples for supported formats.
Use case example
Convert date strings from log fields to datetime values for time-based filtering and analysis. Query| _time | uri | status | log_date |
|---|---|---|---|
| Jun 24, 09:28:10 | /api/users | 200 | 2024-06-24T00:00:00Z |
List of related functions
- totimespan: Converts input to timespan. Use
totimespanfor duration values, andtodatetimefor absolute time points.å