Solved: Re: Changing time format

zacksoft · ‎01-09-2018

Currently I'm using a stats command to populate a few fields along with time.
The command is as follows,
stats values(session_id) as Session values(_time) as Time values(action) as Action_Performed values(success) as Rate by usage

Here I get Time in a strange format , like 1515424081.
Is there any way to change the format to something readable ?

mayurr98 · ‎01-09-2018

hey @zacksoft

try this

<your_base_query> |stats values(session_id) as Session values(_time) as Time values(action) as Action_Performed values(success) as Rate by usage | eval c_time=strftime(Time,"%m/%d/%y %H:%M:%S")

Let me know if it works!

View solution in original post

mayurr98 · ‎01-09-2018

hey @zacksoft

try this

<your_base_query> |stats values(session_id) as Session values(_time) as Time values(action) as Action_Performed values(success) as Rate by usage | eval c_time=strftime(Time,"%m/%d/%y %H:%M:%S")

Let me know if it works!

zacksoft · ‎01-09-2018

@mayurr98 Perfecto !!

Changing time format

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation