I have a field name called "openedat" where the date in this field is in text format (YYYY-MM-DD HH:MM:SS). Now, using "openedat" field, I need to create a new field called "month_name" which should display only month in (MMM) format.
Example:- If my date in the field "openedat" is in text format (2017-05-31 10:20:10), then the new field should be populated as "monthname" and it should show the result as "May".
If you already have a field named opened_at extracted then do it this way -
<your search> | eval month_name=strftime(strptime(opened_at,"%F %T"),"%b")
Here are details of the time functions used - http://docs.splunk.com/Documentation/Splunk/6.6.0/SearchReference/CommonEvalFunctions
A combination of strptime to convert the existing time into an epoch, then a strftime to convert it to the format you want.
... | eval month_name = strftime(strptime(opened_at, "%Y-%m-%d %H:%M:%S"), "%B")
Should do it.
A run anywhere example:
| makeresults | eval opened_at = "2017-05-31 10:20:10" | eval month_name = strftime(strptime(opened_at, "%Y-%m-%d %H:%M:%S"), "%B")