Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Date formatting in dashboard studio?

wkrupinsky
Explorer
‎11-30-2022 11:25 AM

I am using a single value in a dashboard, it is only showing a date, but I cannot get the date to format the way want it on the dashboard. My search string is: index=conmon earliest=11/23/2022:00:00:00 dedup LASTMODIFIED eval tst = strftime(strptime(LASTMODIFIED, %Y-%m-%d), %Y-%m-%d) fields tst

want 11-23-2022 , but continue to get 2022-11-23T13:35:53-05:00

The search on its own brings back the value correctly, but not on the dashboard. Any help would b greatly appreciated.

Bill K

Labels (1)
Labels
0 Karma
Reply

wkrupinsky
Explorer
‎12-07-2022 05:29 AM

richgalloway, maybe this makes more sense, here is my search string: index=conmon earliest>="12/05/2022:00:00:00" | dedup _time | eval mytime=strftime(_time, "%F") | table mytime

as a search I get back the value correctly, when I use this search in a dashboard singlevalue panel, i get utc with time as the value showing

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-07-2022 12:05 PM

I can't reproduce this problem.  The query displays times in my selected time zone in both the search window and in a dashboard.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

wkrupinsky
Explorer
‎11-30-2022 02:30 PM

richgalloway, changing the format did not help. LASTMODIFIED doe snot come up as a choice, just _time or tst(null) as the selected data field. it is date time. but a string in the data itself

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-01-2022 06:55 AM

What do you mean by "LASTMODIFIED does not come up as a choice"? Is LASTMODIFIED a field? If not then why is it in the query?

Please share sanitized sample events if you need help extracting LASTMODIFIED.

---
If this reply helps you, Karma would be appreciated.
Reply

richgalloway
SplunkTrust
SplunkTrust
‎11-30-2022 11:53 AM

The format string in strftime is incorrect. Try "%m-%d-%Y".

index=conmon earliest=11/23/2022:00:00:00 
| dedup LASTMODIFIED 
| eval tst = strftime(strptime(LASTMODIFIED, "%Y-%m-%d"), "%m-%d-%Y") 
| fields tst
---
If this reply helps you, Karma would be appreciated.
Reply

richgalloway
SplunkTrust
SplunkTrust
‎11-30-2022 12:16 PM

That depends, however, on the format of the LASTMODIFIED field. Would you please share that?

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...