How to parse and format single digit month in Splunk

Path Finder

All,

How can I parse a date with a single-digit month, like (7/20/2014), and convert it into (07/20/2014)?
Is it a limitation in Splunk? %m only seems to be formatting (01 - 12).

Influencer

Splunk will take care of single digit months. See Example 3 in this link
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/SearchTimeModifiers

0 Karma

Communicator

Hello,

I confirm that Splunk can parse a single month, 7/20/2014. I created the following test log.

7/20/2014 10:23 Login
7/20/2014 11:30 Logoff

Then Splunk 6.1.2 can parse these dates/times correctly without any manual configuration.

And I found you may use "%1m", "%-m" or "%#m" to convert a two-digit month into a single-digit month.

... | eval my_date=strftime(_time, "%1m/%1d/%Y") | table _time my_date

If you provide a sample log and scenario, I can help you more.

Thank you.

Communicator

I confirm the following conversion works fine.

| stats count | eval e="7/9/2014" | eval e_t=strptime(e, "%m/%d/%Y") | eval 2digitm=strftime(e_t,"%m/%d/%Y")

Could you explain to me what "effective_date" is?

I hope it helps you.

0 Karma

Path Finder

Thanks a lot, Suda, for taking the time to reply.
I tried your solution. While I am trying to convert 7/9/2014 to 07/09/2014, it doesn't seem to be working. Can you please suggest?

eval etime = strptime(effectivedate,"%1m %e, %Y")|eval newdate = strftime(etime,"%m/%d/%Y")

0 Karma