All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk App for Stream: How do I change the timestamp format and timezone?

oraant
Engager
‎11-09-2015 08:19 PM

As we know,the date seems like this:

2015-11-10T03:46:01.031377Z

I want to change it like this:

15/11/10 11:46:01.031377

Notice that I need to change the timezone to +8.Just tell me how to do it,please..

0 Karma
Reply

vshcherbakov_sp
Splunk Employee
Splunk Employee
‎11-13-2015 11:03 AM

hi oraant,

You can try something like this: eval time_var = strptime("%Y-%m-%dT%H:%M:%S.%6N%z", endtime) | convert timeformat="%y/%m/%d %H:%M:%S" ctime(time_var) AS c_time (assuming that you want to convert the endtime field)

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...