Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to assign dates using eval

raghu0463
Explorer
‎08-04-2017 07:39 AM

Hi,
Here I want to assign Initial_L1_Decision_Date dates to Queue_to_Initial_L1_Days. There are some dates for Initial_L1_Decision_Date, but the table for Queue_to_Initial_L1_Days does not show any dates, I'm getting all blanks.

index = index_T1 source= Source_E1 sourcetype = SourceType_E1 |eval Queue_to_Initial_L1_Days = strftime(Initial_L1_Decision_Date, "%Y-%M-%D %H:%M:%S") |table Queue_to_Initial_L1_Days

Thanks

0 Karma
Reply

DalJeanis
Legend
‎08-04-2017 01:25 PM

Be sure to mark code as code.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-04-2017 08:44 AM

Is Initial_L1_Decision_Date in epoch form? There's a typo in the strftime format string. Try "%Y-%m-%d %H:%M:%S".

---
If this reply helps you, Karma would be appreciated.
Reply

DalJeanis
Legend
‎08-04-2017 01:28 PM

@raghu0463 - I moved this comment to answer because it's the answer.

Use "%Y-%m-%d %H:%M:%S"
Month is %m, not %M
Day is %d, not %D

0 Karma
Reply

ddrillic
Ultra Champion
‎08-04-2017 07:48 AM

Sample data maybe ; - )

0 Karma
Reply
Get Updates on the Splunk Community!

New Year, New Changes for Splunk Certifications

As we embrace a new year, we’re making a small but important update to the Splunk Certification ...

[Puzzles] Solve, Learn, Repeat: Unmerging HTML Tables

[Puzzles] Solve, Learn, Repeat: Unmerging HTML TablesFor a previous puzzle, I needed some sample data, and ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...