how to change date/time format in .csv email alert...

Jaci · ‎11-08-2010

When I schedule the following search and send a report through email, the date/time in the attached .csv file does not show the correct format, it shows the numerical time ie. 1287990000.

index=_internal todaysBytesIndexed LicenseManager-Audit NOT source=*web_service.log | eval Daily_Indexing_Volume_in_MBs = todaysBytesIndexed/1024/1024 | timechart avg(Daily_Indexing_Volume_in_MBs) by host

Running the search in the UI and as an exported report will return a readable date.

10/25/10 00:00:00.000 AM

How do I convert the date/time format in the .csv file?

southeringtonp · ‎11-09-2010

One of several options:

| convert ctime(_time) as timestamp

Also, see previous thread:
http://answers.splunk.com/questions/6971/how-to-format-time-field-in-results-email

southeringtonp · ‎11-10-2010

Easy enough to modify the script yourself, but agreed that at least _time specifically should be automatic. Maybe time to file another ER...

splunk47 · ‎04-27-2015

@southeringtonp
can you please help in modifying the sendemail.py python script
so that job.earliestTime token will display date and time differently with proper timezone as well

Lowell · ‎11-09-2010

Does anyone know why this isn't handled automatically in the sendemail.py script? I mean, does anyone ever really want to see _time as an epoch value? Is this because of some kind of timezone thing?

how to change date/time format in .csv email alert?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?