Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I change time format in dashboard?

joseph_mbimbi
Engager
‎09-21-2022 05:15 AM

Hello,
I would like to display dates in a dashboard studio table,
i want the format to be "%Y-%m-%d" but it is not displayed as such.

Here is the spl excerpt:

 

 

| eval vuln_publication_date_string = strftime(normalized_publication_time,"%Y-%m-%d")

 

 



Here is the result of the search associated with the table. The type of the field is a string

joseph_mbimbi_1-1663762858215.png

 

 

 



And here the table itself. I guess it is due to the format, but i cannot change it

joseph_mbimbi_2-1663763068899.png

 


Does anybody have an idea how to force the format in the table ?
Thank you

Labels (2)
Labels
Tags (1)
Reply

Abass42
Communicator
‎02-07-2025 09:05 AM

I signed in just to say I had this exact problem, and your question was exactly what I was looking for. Thank you. This forum post helped answer my issue. 

jowenssi Reply was what I was looking for. 

 

 

0 Karma
Reply

sbarnes_nj
Explorer
‎01-17-2023 10:34 AM

I'd like to add one tip to the advice given above: Dashboard Studio will not recognize that a column is a "time" unless it's already in ISO 8601 format or some subset thereof.  It's much more strict than Splunk's forwarders and indexers! You need to use strptime()/strftime() to reformat if necessary. Then, according to the not-so-easy-to-find Splunk UI docs you can use MomentJS formatting strings  as shown above.

Reply

eholz1
Contributor
‎01-18-2023 08:18 AM

The links you provided in your "tip" are excellent!!

Thanks!! And it is really easy to format dates in a DB Studio table using the "format column" feature.

 

Thanks for the tip,

eholz1

0 Karma
Reply

eholz1
Contributor
‎12-01-2022 10:03 AM

I have the same issue as well. If I ever figure it out I will post. It is a real pain!

Here is on post I found, but the search uses a real string:

| makeresults | eval field1="2017-10-05T16:00:00Z"
| eval new_field=strftime(strptime(field1,"%Y-%m-%dT%H:%M:%SZ")+28800,"%Y-%m-%d %H:%M:%S")
| table new_field

I have yet to figure out how to apply this to something like this:

| eval Date = strftime(_time, "%Y-%m-%d %H:%M:%S")

the eval above works fine in a SimpleXML dashboard but NOT dashboard studio!

eholz1

0 Karma
Reply

eholz1
Contributor
‎12-01-2022 12:00 PM

Finally figured it out.

1. select the table/fied you want to format

Then get in the edit mode: look for "Column Formatting", select the field you want to format,

and click the tip icon -

Display the field enter formatting:

Success!

eholz1

here:

eholz1_0-1669924992152.png

date_format.JPG

0 Karma
Reply

jowenssi
Path Finder
‎06-20-2024 11:20 AM

Using YYYY-MM-DD HH:MM:SS will yield incorrect results with the current dashboard studio version due to the overlap of Month and Minute.

The correct way would be to use: YYYY-MM-DD HH:mm:ss

@sbarnes_nj was correct in stating the format reference here: https://momentjs.com/docs/#/displaying/

Reply

Abass42
Communicator
‎02-07-2025 09:09 AM

This is exactly what I was looking for. Really nice doc linked. Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Brett Adams

In our third Spotlight feature, we're excited to shine a light on Brett—a Splunk consultant, innovative ...

Index This | What can you do to make 55,555 equal 500?

April 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...
Top