How to format _time column to display only month n...

sudeep5689 · ‎05-28-2020

Hi i have a column _time getting displayed in the results due to timechart used in the query. Its currently getting displayed in the form of 03-2020 but i want to show it like March or Mar. Is there a way to do that?

richgalloway · ‎05-28-2020

One of these should work. %B gives the full month name. Use %b for the abbreviated name.

... | fieldformat _time=strftime(_time, "%B")

... | eval _time = strftime(_time, "%B")

---
If this reply helps you, Karma would be appreciated.

ankitsachdeva22 · ‎11-10-2022

Hii I've column Months getting displayed in the form of 03 but i want to show it like March or Mar. Is there way to do that....I used this result but it shows same result

sudeep5689 · ‎05-29-2020

Hi, the values looked fine in tabular view but in visualization it is causing error, Undefined NAN is coming on top of column chart

richgalloway · ‎05-29-2020

"NAN" means "Not A Number", which is true for any month name.

It appears we have solved the specific problem, but there is a bigger problem which requires a solution. Please post a new question describing that problem.

---
If this reply helps you, Karma would be appreciated.

How to format _time column to display only month name

timechart

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Are you a member of the Splunk Community?

How to format _time column to display only month name

timechart

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I