I have a csv lookup that has the date in MM/DD/YYYY format. I managed to get the data into splunk with DBConnect. Ultimately I will be creating a ITSI dashboard panel with a bar chart comparing this year to last. What is the best way to accomplish this?
You can use the strptime and strftime methods to convert them from unix timestamps back into readable dates. Using your example you could use:
| eval timestamp = strptime(Date,"%m/%d/%Y"), Year = strftime(timestamp,"%Y")
The first command takes the Date object and turns it into a 10 digit timestamp of seconds. The second command takes that time and returns the value from that timestamp you want, in this case year. The full list of time variables can be found here: