All Apps and Add-ons
Highlighted

Splunk App for Stream: How do I change the timestamp format and timezone?

Engager

As we know,the date seems like this:

2015-11-10T03:46:01.031377Z

I want to change it like this:

15/11/10 11:46:01.031377

Notice that I need to change the timezone to +8.Just tell me how to do it,please..

0 Karma
Highlighted

Re: Splunk App for Stream: How do I change the timestamp format and timezone?

Splunk Employee
Splunk Employee

hi oraant,

You can try something like this: eval time_var = strptime("%Y-%m-%dT%H:%M:%S.%6N%z", endtime) | convert timeformat="%y/%m/%d %H:%M:%S" ctime(time_var) AS c_time (assuming that you want to convert the endtime field)

0 Karma