Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Multiple time format in the same field

mah
Builder
‎03-11-2021 05:36 AM

Hi,

I have a field which contains epoch date and date time like %Y%m%d :

mah_0-1615469377850.png

I want this format %Y%m%d for all values in "date" field.

How can I convert epoch to date like %Y%m%d in this field ? 

Thanks !

 

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mah
Builder
‎03-11-2021 07:32 AM

Hi @manjunathmeti 

I tried your solution and it gave me this : 

mah_0-1615476507681.png

20210201 = 22-08-1970 : there is a problem ...

I tried another command : 

| convert timeformat="%Y-%m-%d" mktime("date")

and thant's worked ! All values in %Y-%m-%d format are converted to epoch time !

Thanks for your help !

View solution in original post

Tags (1)
0 Karma
Reply
Solved! Jump to solution

manjunathmeti
Champion
‎03-11-2021 06:11 AM

hi @mah,
Try this:

| eval date=if(match(date, "\d{4}\-\d{2}\-\d{2}"), replace(date, "-", ""), strftime(date, "%Y%m%d"))

 

If this reply helps you, an upvote/like would be appreciated.

0 Karma
Reply
Solved! Jump to solution
Solution

mah
Builder
‎03-11-2021 07:32 AM

Hi @manjunathmeti 

I tried your solution and it gave me this : 

mah_0-1615476507681.png

20210201 = 22-08-1970 : there is a problem ...

I tried another command : 

| convert timeformat="%Y-%m-%d" mktime("date")

and thant's worked ! All values in %Y-%m-%d format are converted to epoch time !

Thanks for your help !

Tags (1)
0 Karma
Reply
Solved! Jump to solution

manjunathmeti
Champion
‎03-11-2021 07:42 AM

Did you wanted Date field values in "%Y%m%d" OR in epoch format?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...