Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to extract just the date from a timestamp converted from epoch time?

ECovell
Path Finder
‎10-20-2015 08:41 PM

I have a conversion set up to change the epoch time | convert ctime(_time) as date time. I would like to keep just the date and ditch the time function.

The field looks like this: 10/20/2015 06:30:15

Thank you for any help

Reply
1 Solution
Solved! Jump to solution
Solution

ppablo
Retired
‎10-20-2015 09:13 PM

Hi @ECovell

You could use the timeformat argument for convert to specify the format you want right away. 

|convert timeformat="%m/%d/%Y" ctime(_time) AS date

Or you could use the eval strftime function instead and specify the format.

|eval date=strftime(_time, "%m/%d/%Y")

View solution in original post

Reply
Solved! Jump to solution
Solution

ppablo
Retired
‎10-20-2015 09:13 PM

Hi @ECovell

You could use the timeformat argument for convert to specify the format you want right away. 

|convert timeformat="%m/%d/%Y" ctime(_time) AS date

Or you could use the eval strftime function instead and specify the format.

|eval date=strftime(_time, "%m/%d/%Y")
Reply
Solved! Jump to solution

ECovell
Path Finder
‎10-21-2015 02:33 AM

Thank you so very much!!

0 Karma
Reply
Solved! Jump to solution

ppablo
Retired
‎10-21-2015 09:45 AM

You're very welcome 🙂

0 Karma
Reply
Solved! Jump to solution

AdsicSplunk
New Member
‎04-04-2018 03:52 AM

Hi @ppablo_splunk,

Can we use the above in alerts as well? For example:- $job.earliestTime$ gives me "2018-04-04T00:00:00.000+04:00" wheras I want only "2018-04-04".

0 Karma
Reply
Solved! Jump to solution

nikitasharma96
New Member
‎10-30-2023 02:38 AM

HI everyone 

 

did you find this answer? i am also looking for same.

covert time stamp 2023-10-20T05:30:00+05:30  to date 

 

 

@AdsicSplunk @ECovell @ppablo  @splunkdate

@Anonymous @Anonymous 

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...