Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Remove Time from results

pboynton63
Explorer
‎08-24-2016 02:07 PM

Since a picture speaks a thousand words here is what my current results get me:

alt text

As you can search my search gets me Date, Leased IP, and Host Name

I would like the Date field to contain only the date i.e 08/24/2016 and not the hour, minute and second. Is there a way to do that?

Thanks for any help you can throw my way,

P.

Tags (2)
Preview file
84 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sundareshr
Legend
‎08-24-2016 02:09 PM

Add this to your search

... | eval Date=strftime(Date, "%x")

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

sundareshr
Legend
‎08-24-2016 02:09 PM

Add this to your search

... | eval Date=strftime(Date, "%x")
0 Karma
Reply
Solved! Jump to solution

pboynton63
Explorer
‎08-24-2016 02:35 PM

I removed the convert piece as you suggested. That does not seem to have worked if I understood you correctly.
alt text

Preview file
66 KB
0 Karma
Reply
Solved! Jump to solution

sundareshr
Legend
‎08-24-2016 02:41 PM

Instead of the convert, add this

... | eval Date=strftime(_time, "%x") | fields - _time | ...
Reply
Solved! Jump to solution

pboynton63
Explorer
‎08-24-2016 02:44 PM

That did the trick! So many thanks to everyone for the help!

0 Karma
Reply
Solved! Jump to solution

pboynton63
Explorer
‎08-24-2016 02:22 PM

Thank you Sundareshr,

Here are the results of your suggestion:

alt text

It seems to have taken the date and time, and what I was looking for was just to remove the hour, minute, and second. I would still like the date e.g. 08/24/2016

But I think we are close!

Again my thanks,

P.

Preview file
81 KB
0 Karma
Reply
Solved! Jump to solution

MuS
SplunkTrust
SplunkTrust
‎08-24-2016 02:26 PM

Skip the convert - after that you have a string and no longer an epoch value which is required by strftime() to work.

cheers, MuS

Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...