
Splunk App for Stream: How do I change the timestamp format and timezone?


As we know, the date seems like this:


I want to change it like this:

15/11/10 11:46:01.031377

Notice that I need to change the timezone to +8. Just tell me how to do it, please.

0 Karma

Splunk Employee

Hi oraant,

You can try something like this:

eval time_var = strptime(endtime, "%Y-%m-%dT%H:%M:%S.%6N%z") | convert timeformat="%y/%m/%d %H:%M:%S" ctime(time_var) AS c_time

(assuming that you want to convert the endtime field)

0 Karma
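The same two steps (parse the field, then re-render it) as an added Python example for checking expected output offline; it is not part of the thread and not Splunk code. It keeps the microseconds and renders in a fixed UTC+8 offset as the question asks. The function names and sample events are constructed for illustration, and the input layout is assumed from the format string in the answer.

```python
from datetime import datetime, timedelta, timezone

# Target zone from the question: a fixed UTC+8 offset (no DST rules applied).
TARGET_TZ = timezone(timedelta(hours=8))
# yy/mm/dd HH:MM:SS.microseconds, the layout the question asks for.
OUT_FORMAT = "%y/%m/%d %H:%M:%S.%f"
# Input layouts tried in order; both carry an explicit offset ("Z", +0800, +08:00).
IN_FORMATS = ("%Y-%m-%dT%H:%M:%S.%f%z", "%Y-%m-%dT%H:%M:%S%z")


def convert_endtime(value, tz=TARGET_TZ):
    """Parse an ISO 8601 timestamp that carries a UTC offset and render it in tz."""
    text = value.strip()
    for fmt in IN_FORMATS:
        try:
            parsed = datetime.strptime(text, fmt)
        except ValueError:
            continue  # layout did not match, try the next one
        if parsed.tzinfo is None:
            break  # no offset present: refuse rather than guess a zone
        return parsed.astimezone(tz).strftime(OUT_FORMAT)
    raise ValueError(f"unparseable or offset-less timestamp: {value!r}")


def convert_events(events, field="endtime"):
    """Return copies of the events with a c_time field added next to the original."""
    return [dict(event, c_time=convert_endtime(event[field])) for event in events]


# Constructed sample events (not real Stream data).
SAMPLE_EVENTS = [
    {"src_ip": "10.0.0.5", "endtime": "2015-11-10T03:46:01.031377Z"},
    {"src_ip": "10.0.0.6", "endtime": "2015-11-09T22:46:01.031377-0500"},
    {"src_ip": "10.0.0.7", "endtime": "2015-11-10T11:46:01+08:00"},
]

if __name__ == "__main__":
    for event in convert_events(SAMPLE_EVENTS):
        print(event["src_ip"], event["endtime"], "->", event["c_time"])
```

Timestamps without an offset are rejected on purpose: assuming a zone for them would shift events by hours when correlating logs from different sources.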