https://community.splunk.com/t5/Splunk-Search/date-time-format/m-p/127656#M34627 <P>hi, does this help? <A href="http://docs.splunk.com/Documentation/DBX/1.1/DeployDBX/Troubleshoot#Issues_with_bad_line_breaking.2Fline_merging">http://docs.splunk.com/Documentation/DBX/1.1/DeployDBX/Troubleshoot#Issues_with_bad_line_breaking.2Fline_merging</A></P> <P>I usually try to solve time issues in SQL first, it's easier to ask the database to CAST than it is to write a TIME_FORMAT.</P> Mon, 04 Nov 2013 19:49:27 GMT jcoates_splunk 2013-11-04T19:49:27Z https://community.splunk.com/t5/Splunk-Search/date-time-format/m-p/127655#M34626 <P>Hi,<BR /> we have a tool, which is writing to a database.<BR /> I use splunk db connect to get the data out of it.<BR /> The tool writes a timestamp with YYYY-MM-DD into the database.<BR /> This is not respected by splunk, because it is doing like MM/DD/YYY</P> <P>When I use the dbquerys as they come on a default splunk environment splunk has the date format:10/28/13 3:38:39.000 AM <BR /> The replication monitor tool is writing to the database in this format: 2013-10-23 06:33:47.443</P> <P>So when I search with the DBquery it cannot match them. When I remove the time related query it is showing me results.</P> <P>Solution approaches:<BR /> - I set the date/time in the windows machine like it is in the database --&gt; no success<BR /> - I tried with different urls - like described here: <A href="http://answers.splunk.com/answers/525/how-can-i-change-the-time-format-in-splunk-web" target="_blank">http://answers.splunk.com/answers/525/how-can-i-change-the-time-format-in-splunk-web</A> --&gt; no success<BR /> - I tried to use the Time_Format Parameter like this: <BR /> [Vault Monitor]<BR /> TIME_FORMAT = %Y-%m-%d %k:%M:%S<BR /> in<BR /> C:\Program Files\Splunk\etc\system\local\props.conf --&gt; no success</P> <P>anyone an fruitful idea?<BR /> Thanks!</P> <P>BR</P> Mon, 28 Sep 2020 15:11:34 GMT https://community.splunk.com/t5/Splunk-Search/date-time-format/m-p/127655#M34626 ryoku 2020-09-28T15:11:34Z https://community.splunk.com/t5/Splunk-Search/date-time-format/m-p/127656#M34627 <P>hi, does this help? <A href="http://docs.splunk.com/Documentation/DBX/1.1/DeployDBX/Troubleshoot#Issues_with_bad_line_breaking.2Fline_merging">http://docs.splunk.com/Documentation/DBX/1.1/DeployDBX/Troubleshoot#Issues_with_bad_line_breaking.2Fline_merging</A></P> <P>I usually try to solve time issues in SQL first, it's easier to ask the database to CAST than it is to write a TIME_FORMAT.</P> Mon, 04 Nov 2013 19:49:27 GMT https://community.splunk.com/t5/Splunk-Search/date-time-format/m-p/127656#M34627 jcoates_splunk 2013-11-04T19:49:27Z https://community.splunk.com/t5/Splunk-Search/date-time-format/m-p/127657#M34628 <P>hello...<BR /> I did it now in SQL with <BR /> Select format(sampledate,'MM/dd/yyyy hh:mm:ss','en-US')</P> <P>but it is not taking this into consideration when I use the date picker.<BR /> Or I want to narrow down to the last 60 seconds.</P> <P>it does not compare my column with the splunk date....<BR /> anyone else an idea?</P> Tue, 05 Nov 2013 13:58:58 GMT https://community.splunk.com/t5/Splunk-Search/date-time-format/m-p/127657#M34628 ryoku 2013-11-05T13:58:58Z https://community.splunk.com/t5/Splunk-Search/date-time-format/m-p/127658#M34629 <P>hello...<BR /> I did it now in SQL with <BR /> Select format(sampledate,'MM/dd/yyyy hh:mm:ss','en-US')</P> <P>but it is not taking this into consideration when I use the date picker.<BR /> Or I want to narrow down to the last 60 seconds.</P> <P>it does not compare my column with the splunk date....<BR /> anyone else an idea?</P> Tue, 05 Nov 2013 13:59:43 GMT https://community.splunk.com/t5/Splunk-Search/date-time-format/m-p/127658#M34629 ryoku 2013-11-05T13:59:43Z