Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How do I change time format in dashboard?

joseph_mbimbi
Engager
‎09-21-2022 05:15 AM

Hello,
I would like to display dates in a dashboard studio table,
i want the format to be "%Y-%m-%d" but it is not displayed as such.

Here is the spl excerpt:

 

 

| eval vuln_publication_date_string = strftime(normalized_publication_time,"%Y-%m-%d")

 

 



Here is the result of the search associated with the table. The type of the field is a string

joseph_mbimbi_1-1663762858215.png

 

 

 



And here the table itself. I guess it is due to the format, but i cannot change it

joseph_mbimbi_2-1663763068899.png

 


Does anybody have an idea how to force the format in the table ?
Thank you

Labels (2)
Labels
Tags (1)
Reply

Abass42
Communicator
‎02-07-2025 09:05 AM

I signed in just to say I had this exact problem, and your question was exactly what I was looking for. Thank you. This forum post helped answer my issue. 

jowenssi Reply was what I was looking for. 

 

 

0 Karma
Reply

sbarnes_nj
Explorer
‎01-17-2023 10:34 AM

I'd like to add one tip to the advice given above: Dashboard Studio will not recognize that a column is a "time" unless it's already in ISO 8601 format or some subset thereof.  It's much more strict than Splunk's forwarders and indexers! You need to use strptime()/strftime() to reformat if necessary. Then, according to the not-so-easy-to-find Splunk UI docs you can use MomentJS formatting strings  as shown above.

Reply

eholz1
Builder
‎01-18-2023 08:18 AM

The links you provided in your "tip" are excellent!!

Thanks!! And it is really easy to format dates in a DB Studio table using the "format column" feature.

 

Thanks for the tip,

eholz1

0 Karma
Reply

eholz1
Builder
‎12-01-2022 10:03 AM

I have the same issue as well. If I ever figure it out I will post. It is a real pain!

Here is on post I found, but the search uses a real string:

| makeresults | eval field1="2017-10-05T16:00:00Z"
| eval new_field=strftime(strptime(field1,"%Y-%m-%dT%H:%M:%SZ")+28800,"%Y-%m-%d %H:%M:%S")
| table new_field

I have yet to figure out how to apply this to something like this:

| eval Date = strftime(_time, "%Y-%m-%d %H:%M:%S")

the eval above works fine in a SimpleXML dashboard but NOT dashboard studio!

eholz1

0 Karma
Reply

eholz1
Builder
‎12-01-2022 12:00 PM

Finally figured it out.

1. select the table/fied you want to format

Then get in the edit mode: look for "Column Formatting", select the field you want to format,

and click the tip icon -

Display the field enter formatting:

Success!

eholz1

here:

eholz1_0-1669924992152.png

date_format.JPG

0 Karma
Reply

jowenssi
Path Finder
‎06-20-2024 11:20 AM

Using YYYY-MM-DD HH:MM:SS will yield incorrect results with the current dashboard studio version due to the overlap of Month and Minute.

The correct way would be to use: YYYY-MM-DD HH:mm:ss

@sbarnes_nj was correct in stating the format reference here: https://momentjs.com/docs/#/displaying/

Reply

Abass42
Communicator
‎02-07-2025 09:09 AM

This is exactly what I was looking for. Really nice doc linked. Thanks

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...