Re: How to change the date format from 'yyyy-mm-dd...

Neel88 · ‎02-01-2023

I am working on the saved search not index/lookup.

I tried this code -

| eval date=strftime(strptime(<fieldname>,"%Y-%m-%d %H:%M:%S"), "%m-%d-%Y %H:%M:%S")

but getting the blank data. Pls help

bowesmana · ‎02-01-2023

There is nothing wrong with the eval statement, so it means that your field (which I assume is not the "<fieldname>" but the name of a field) is not in that format.

| makeresults
| eval x="2023-02-02 04:02:01"
| eval date=strftime(strptime(x,"%Y-%m-%d %H:%M:%S"), "%m-%d-%Y %H:%M:%S")

Neel88 · ‎02-01-2023

| loadjob savedsearch="nobody:splunk_fcr_evo:last_31_days_monitoring_data"
| eval New_date=strftime(strptime(Date,"%Y-%m-%d %H:%M:%S"), "%m-%d-%Y %H:%M:%S")
| fields Date, adt, FLOW, NB1, New_date

Above gives blank results in the New_date column

bowesmana · ‎02-01-2023

Please show the value of the Date field after the loadjob

Neel88 · ‎02-02-2023

Date

2022-06-04

2022-06-05

isoutamo · ‎02-02-2023

Hi

your Date is not in the same format as you are using on strptime. You haven’t have hours, minutes and seconds on it. For that reason this didn’t work. Just drop those away from format or use field which contains also those.

r. Ismo

How to change the date format from 'yyyy-mm-dd' to 'mm-dd-yyyy' on the saved search?

count

eval

field extraction

fields

lookup

stats

tstats

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

There's No Place Like Chrome and the Splunk Platform

Customer Experience | Join the Customer Advisory Board!