Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to format _time column to display only month name

sudeep5689
Explorer
‎05-28-2020 09:01 AM

Hi i have a column _time getting displayed in the results due to timechart used in the query. Its currently getting displayed in the form of 03-2020 but i want to show it like March or Mar. Is there a way to do that?

Labels (1)
Labels
Tags (3)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-28-2020 09:55 AM

One of these should work. %B gives the full month name. Use %b for the abbreviated name.

... | fieldformat _time=strftime(_time, "%B")

... | eval _time = strftime(_time, "%B")
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

ankitsachdeva22
New Member
‎11-10-2022 04:29 AM

Hii I've column Months getting displayed in the form of 03 but i want to show it like March or Mar. Is there way to do that....I used this result but it shows same result

 

 

 

 

 

 

0 Karma
Reply

sudeep5689
Explorer
‎05-29-2020 03:04 AM

Hi, the values looked fine in tabular view but in visualization it is causing error, Undefined NAN is coming on top of column chart

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-29-2020 06:00 AM

"NAN" means "Not A Number", which is true for any month name.

It appears we have solved the specific problem, but there is a bigger problem which requires a solution. Please post a new question describing that problem.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...