I have time entries like
2017-01-04T19:12:33.0117979+00:00 in the logs.
How can I change this to
eval Time=_time(_time,"%Y"-%m-%d %H:%M:%S) but it doesn't work.
Also, I want to get all rows of a table which have the same values of a specific column. How can I achieve that?
Are you trying to update the _raw data that you see in the search results, or create a new field Time which will store the time in the required format? For the latter, try this:
| eval Time=strftime(_time,"%Y-%m-%d %H:%M:%S")
When you say "same values of a specific column", is the value a static string/number? Are you trying to filter rows by checking that a column has a certain value, like
account_number="foo123434" or similar? If yes, you can include the same in your base search, e.g.
index=_internal sourcetype=splunkd log_level="WARN"