Re: How to change the date format from 'yyyy-mm-dd...

Neel88 · ‎02-01-2023

I am working on the saved search not index/lookup.

I tried this code -

| eval date=strftime(strptime(<fieldname>,"%Y-%m-%d %H:%M:%S"), "%m-%d-%Y %H:%M:%S")

but getting the blank data. Pls help

bowesmana · ‎02-01-2023

There is nothing wrong with the eval statement, so it means that your field (which I assume is not the "<fieldname>" but the name of a field) is not in that format.

| makeresults
| eval x="2023-02-02 04:02:01"
| eval date=strftime(strptime(x,"%Y-%m-%d %H:%M:%S"), "%m-%d-%Y %H:%M:%S")

Neel88 · ‎02-01-2023

| loadjob savedsearch="nobody:splunk_fcr_evo:last_31_days_monitoring_data"
| eval New_date=strftime(strptime(Date,"%Y-%m-%d %H:%M:%S"), "%m-%d-%Y %H:%M:%S")
| fields Date, adt, FLOW, NB1, New_date

Above gives blank results in the New_date column

bowesmana · ‎02-01-2023

Please show the value of the Date field after the loadjob

Neel88 · ‎02-02-2023

Date

2022-06-04

2022-06-05

isoutamo · ‎02-02-2023

Hi

your Date is not in the same format as you are using on strptime. You haven’t have hours, minutes and seconds on it. For that reason this didn’t work. Just drop those away from format or use field which contains also those.

r. Ismo

How to change the date format from 'yyyy-mm-dd' to 'mm-dd-yyyy' on the saved search?

count

eval

field extraction

fields

lookup

stats

tstats

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Join the Conversation

How to change the date format from 'yyyy-mm-dd' to 'mm-dd-yyyy' on the saved search?