Solved: Why does the date format in scheduled csv report c...

mcastino · ‎08-19-2019

I have made a scheduled report which emails a csv file containing counts of particular events for each day in the last seven days.

The format looks a little like this:

Date - X, Y, Z
2019-08-12 - 5, 6, 8
2019-08-13 - 10, 8, 7
2019-08-14 - 2, 1, 1

The output in the Splunk UI shows dates correctly ( | fieldformat Date= strftime(Date, "%Y-%m-%d" ), and when I download a CSV report manually the dates also look fine.

However, in the scheduled report sent via email, dates are presented as below:

Date
1565532000
1565618400
1565704800
1565791200
1565877600
1565964000
1566050400

Any thoughts on what's going on here?

Thanks!

woodcock · ‎08-19-2019

The actual data is still an integer. Generally you should be using fieldformat the way that you are, but if the output is going to be exported and you need human-readable dates, then swap fieldformat for eval like this:

... | eval Date=strftime(Date, "%Y-%m-%d")

View solution in original post

woodcock · ‎08-19-2019

The actual data is still an integer. Generally you should be using fieldformat the way that you are, but if the output is going to be exported and you need human-readable dates, then swap fieldformat for eval like this:

... | eval Date=strftime(Date, "%Y-%m-%d")

mcastino · ‎08-20-2019

Thanks, will see how it goes!

woodcock · ‎09-03-2019

Come back and let us know how it went and click Accept to close the question.

Why does the date format in scheduled csv report change in an email?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes