Archive

Time Segregation from Timestamp

Could you please let me know how to extract the day of the week, month,date(dd), time of the day (hh:mm:ss),year from the pattern : mm/dd/yy hh:mm:ss - 04/23/14 23:00:22
Eg of the result : Wednesday April 23 23:00:22 2014

Tags (1)
0 Karma

Splunk Employee
Splunk Employee

The field "_time" contains the epoch time of the events, and is automatically displayed at search time on the local version of your time format and timezone.

If you want to create a new field with a different format, you can use the convert function.
see http://docs.splunk.com/Documentation/Splunk/6.0.3/SearchReference/Convert
and the formats http://docs.splunk.com/Documentation/Splunk/6.0.3/SearchReference/Commontimeformatvariables

<mysearch> | convert timeformat="%A %B %d %H:%M:%S %Y" ctime(_time) AS mytime | table mytime _time _raw

SplunkTrust
SplunkTrust

When Splunk indexes data it does some implicit field extractions like datewday, datemonth, datemday, dateyear etc.... You can form your expected output from there or you can use splunk command like convert or strftime to generate the output you need.