Solved: Re: How to extract date YYYYMMDD from _time?

royimad · ‎07-10-2013

How to extract date YYYYMMDD from _time?

Damien_Dallimor · ‎07-10-2013

... | eval mytime=strftime(_time, "%Y%m%d") | table mytime

View solution in original post

nandipatisunil · ‎11-01-2013

How do i get this treated as date again?
I was using the above eval to get just the date out (ignoring the time) ... but i see that the string extracted is treated as a number when i graph it.

How do i get it converted back to date?

eg: i have events with different timestamp and the same date. I want to group them based on the date by ignoring the timestamp on it.

kristian_kolb · ‎11-01-2013

with strptime;

...| eval my_new_time = strptime(mytime, "%Y%m%d")

/k

Damien_Dallimor · ‎07-10-2013

... | eval mytime=strftime(_time, "%Y%m%d") | table mytime

How to extract date YYYYMMDD from _time?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation

How to extract date YYYYMMDD from _time?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future