How to convert timestamp to date for below timesta...

monicateja · ‎10-05-2022

How can i convert timestamp to date for below timestamp to just date 2022-10-04.

timestamp: 2022-10-04 19:52:00.151 -0500

Requirement is to visualize values in last 7 days based on date

gcusello · ‎10-05-2022

do you want to display data in a timechart command or what else (table, stats)?

if in timechart command, you have to insert in the timechart the option "span=1d"

If in table or in stats command, you have to use the bin command.

| bin span=1d _time

Ciao.

Giuseppe

monicateja · ‎10-05-2022

Need both in table & also in stats but need to filter by just date not by entire timestamp

gcusello · ‎10-05-2022

with the bin command (for more infos see at https://docs.splunk.com/Documentation/Splunk/9.0.1/SearchReference/Bin9 you give to each event a timestamp compressed to the 00:00:00.

so you can group them.

To display a timestamp without time in the format you like, you can use eval strftime

| timestamp=strftime(_time,"%Y-%m-%d")

Ciao.

Giuseppe

How to convert timestamp to date for below timestamp to just date 2022-10-04?