https://community.splunk.com/t5/Splunk-Search/How-to-convert-date-string-to-date-format-in-string-and-extract/m-p/416900#M119967 <P>Click <CODE>Accept</CODE> to close this question and ask another one; let's keep this orderly. The probably answer to your other question is that you did not configure the email settings (correctly) on the search head.</P> Thu, 18 Apr 2019 13:23:22 GMT woodcock 2019-04-18T13:23:22Z https://community.splunk.com/t5/Splunk-Search/How-to-convert-date-string-to-date-format-in-string-and-extract/m-p/416897#M119964 <P>Hi All,</P> <P>I am unable to convert date string to date format using below SPL query.</P> <PRE><CODE>eval "-Last Logon Date" = strptime("Last Logon Date", "%m/%d/%Y") | sort "Last Logon Date" | table "User Name", "User Lock Status", "Last Logon Date" </CODE></PRE> <P>Also while sorting it is not properly performing the operation. Please suggest how to extract date values from Last Logon Date column which are 60 or 90 days earlier.</P> <P>Thanks,<BR /> Vineeth Jain</P> Tue, 16 Apr 2019 08:24:29 GMT https://community.splunk.com/t5/Splunk-Search/How-to-convert-date-string-to-date-format-in-string-and-extract/m-p/416897#M119964 vineeth_jain 2019-04-16T08:24:29Z https://community.splunk.com/t5/Splunk-Search/How-to-convert-date-string-to-date-format-in-string-and-extract/m-p/416898#M119965 <P>There are many things wrong here. Field names with spaces are EVIL. Never use <CODE>sort</CODE> without a number after it (get in the habit of <CODE>sort 0</CODE> for unlimited). Try this:</P> <PRE><CODE>... | rename "* * * * *" AS *_*_*_*_*, "* * * *" AS *_*_*_*, "* * *" AS *_*_*, "* *" AS *_* | eval Last_Logon_Date = strptime(Last_Logon_Date, "%m/%d/%Y") | where ((Last_Logon_Date &gt;= relative_time(now(), "-90d")) AND (Last_Logon_Date &lt;= relative_time(now(), "-60d"))) | sort 0 - Last_Logon_Date | fieldformat Last_Logon_Date = strftime(Last_Logon_Date, "%m/%d/%Y") | table User_Name User_Lock_Status Last_Logon_Date </CODE></PRE> Tue, 16 Apr 2019 14:29:23 GMT https://community.splunk.com/t5/Splunk-Search/How-to-convert-date-string-to-date-format-in-string-and-extract/m-p/416898#M119965 woodcock 2019-04-16T14:29:23Z https://community.splunk.com/t5/Splunk-Search/How-to-convert-date-string-to-date-format-in-string-and-extract/m-p/416899#M119966 <P>Thanks for your reply and suggestion about field names. It has worked for me.</P> <P>Another doubt, how can I export the results of this search using email notification. I have tried alert option but unable to send email notification.</P> Wed, 17 Apr 2019 05:26:33 GMT https://community.splunk.com/t5/Splunk-Search/How-to-convert-date-string-to-date-format-in-string-and-extract/m-p/416899#M119966 vineeth_jain 2019-04-17T05:26:33Z https://community.splunk.com/t5/Splunk-Search/How-to-convert-date-string-to-date-format-in-string-and-extract/m-p/416900#M119967 <P>Click <CODE>Accept</CODE> to close this question and ask another one; let's keep this orderly. The probably answer to your other question is that you did not configure the email settings (correctly) on the search head.</P> Thu, 18 Apr 2019 13:23:22 GMT https://community.splunk.com/t5/Splunk-Search/How-to-convert-date-string-to-date-format-in-string-and-extract/m-p/416900#M119967 woodcock 2019-04-18T13:23:22Z