In the query _time is already formatted. But when i try to export the data in csv its showing different formats.
Query:index="wineventlog" host IN (USMDCKPAP30074) EventCode=6006 OR EventCode="6005" Type=Information
| eval BootUptime = if(EventCode=6005,strftime(_time, "%Y-%d-%m %H:%M:%S"),null())
| table host BootUptime
Eg:
2022-31-01 10:00:42 |
2022-29-01 06:40:11 |
2022-27-01 12:55:56 |
After exporting :
8/1/2022 4:08 |
1/1/2022 4:03 |
2021-25-12 04:03:29 |
2021-18-12 04:02:54 |
2021-16-12 10:14:45 |
2021-16-12 10:08:21 |
11/12/2021 4:08 |
4/12/2021 4:11 |
Please help me resolve this
| eval BootUptime = if(EventCode=6005,strftime(_time, "%Y-%d-%m %H:%M:%S"),"n/a")
| eval BootUptime = if(EventCode=6005,strftime(_time, "%Y-%d-%m %H:%M:%S"),"n/a")
Thank You so much, this works!!