Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

exporting data into a csv file in splunk + _time format changes to `2015-09-15T00:00:00.000+1200` but want `"2015-09-15 00:00:00`

HattrickNZ
Motivator
‎09-23-2015 03:53 PM

exporting data into a csv file in splunk

i have a search that gives me data as follows in the stats tab.

_time   ABC1-OUT-MB ABC2-OUT-Mbps
2015-09-15 00:00:00 24144.1990  603.604974
2015-09-15 00:05:00 23642.2730  591.056826
2015-09-15 00:10:00 22453.5770  561.339425
2015-09-15 00:15:00 20894.8522  522.371305
2015-09-15 00:20:00 20389.8815  509.747037
2015-09-15 00:25:00 19339.4728  483.486819

when I export it to a csv file the _time column gets this funky formatting 2015-09-15T00:00:00.000+1200

_time   ABC1-OUT-MB ABC2-OUT-Mbps
2015-09-15T00:00:00.000+1200    24144.199   603.604974
2015-09-15T00:05:00.000+1200    23642.273   591.056826
2015-09-15T00:10:00.000+1200    22453.577   561.339425
2015-09-15T00:15:00.000+1200    20894.8522  522.371305
2015-09-15T00:20:00.000+1200    20389.8815  509.747037
2015-09-15T00:25:00.000+1200    19339.4728  483.486819

Is there a way I can export it into csv so that it looks liket the below format in the csv?
2015-09-15 00:00:00

my workaround at the minute is to fiddle with it inexcel

0 Karma
Reply

gcato
Contributor
‎09-23-2015 05:06 PM

Hi Hattrick,

The _time field is treated specially when displayed in splunk. The easiest way would be to eval the _time value into another field with strftime() and then use the new time field instead. For example

... | eval mytime = strftime(_time, "%Y-%m-%d %H:%M:%S") | table mytime ...

Hope that helps.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...