Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to format _time column to display only month name

sudeep5689
Explorer
‎05-28-2020 09:01 AM

Hi i have a column _time getting displayed in the results due to timechart used in the query. Its currently getting displayed in the form of 03-2020 but i want to show it like March or Mar. Is there a way to do that?

Labels (1)
Labels
Tags (3)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-28-2020 09:55 AM

One of these should work. %B gives the full month name. Use %b for the abbreviated name.

... | fieldformat _time=strftime(_time, "%B")

... | eval _time = strftime(_time, "%B")
---
If this reply helps you, an upvote would be appreciated.
0 Karma
Reply

sudeep5689
Explorer
‎05-29-2020 03:04 AM

Hi, the values looked fine in tabular view but in visualization it is causing error, Undefined NAN is coming on top of column chart

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-29-2020 06:00 AM

"NAN" means "Not A Number", which is true for any month name.

It appears we have solved the specific problem, but there is a bigger problem which requires a solution. Please post a new question describing that problem.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Reply
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Get Updates on the Splunk Community!