topic How to rename _time column in Splunk Search https://community.splunk.com/t5/Splunk-Search/How-to-rename-time-column/m-p/199741#M57861 <P>How to rename the _time to TIME in the below query:</P> <P>|inputlookup currentesdorders.csv | dedup ORDER_NUMBER | where ORDER_TOTAL =0 | fields ESD_ORDER CREATION_DATE | eval ESD_ORDER=if(ESD_ORDER="Y","ESD","Physical") | eval _time=CREATION_DATE | timechart span=1w count(CREATION_DATE) as count by ESD_ORDER</P> Mon, 28 Sep 2020 16:52:48 GMT webnair 2020-09-28T16:52:48Z How to rename _time column https://community.splunk.com/t5/Splunk-Search/How-to-rename-time-column/m-p/199741#M57861 <P>How to rename the _time to TIME in the below query:</P> <P>|inputlookup currentesdorders.csv | dedup ORDER_NUMBER | where ORDER_TOTAL =0 | fields ESD_ORDER CREATION_DATE | eval ESD_ORDER=if(ESD_ORDER="Y","ESD","Physical") | eval _time=CREATION_DATE | timechart span=1w count(CREATION_DATE) as count by ESD_ORDER</P> Mon, 28 Sep 2020 16:52:48 GMT https://community.splunk.com/t5/Splunk-Search/How-to-rename-time-column/m-p/199741#M57861 webnair 2020-09-28T16:52:48Z Re: How to rename _time column https://community.splunk.com/t5/Splunk-Search/How-to-rename-time-column/m-p/199742#M57862 <P>try this </P> <P>...| rename _time AS TIME</P> Wed, 18 Jun 2014 02:16:10 GMT https://community.splunk.com/t5/Splunk-Search/How-to-rename-time-column/m-p/199742#M57862 Isaias_Garcia 2014-06-18T02:16:10Z Re: How to rename _time column https://community.splunk.com/t5/Splunk-Search/How-to-rename-time-column/m-p/199743#M57863 <P>Thanks for the quick answer. Th ecolumn name changes but then the time gets converted to unix format.<BR /> Hiw do I retain the date format for example: 2014-03-27</P> Wed, 18 Jun 2014 02:19:55 GMT https://community.splunk.com/t5/Splunk-Search/How-to-rename-time-column/m-p/199743#M57863 webnair 2014-06-18T02:19:55Z Re: How to rename _time column https://community.splunk.com/t5/Splunk-Search/How-to-rename-time-column/m-p/199744#M57864 <P>oh is see..same question was asked before.you may try this: <A href="http://answers.splunk.com/answers/1275/renaming-_time-field-causes-an-unwanted-result">http://answers.splunk.com/answers/1275/renaming-_time-field-causes-an-unwanted-result</A></P> Wed, 18 Jun 2014 02:27:10 GMT https://community.splunk.com/t5/Splunk-Search/How-to-rename-time-column/m-p/199744#M57864 Isaias_Garcia 2014-06-18T02:27:10Z