Re: How to format _time column to display only mon...

sudeep5689 · ‎05-28-2020

Hi i have a column _time getting displayed in the results due to timechart used in the query. Its currently getting displayed in the form of 03-2020 but i want to show it like March or Mar. Is there a way to do that?

richgalloway · ‎05-28-2020

One of these should work. %B gives the full month name. Use %b for the abbreviated name.

... | fieldformat _time=strftime(_time, "%B")

... | eval _time = strftime(_time, "%B")

---
If this reply helps you, Karma would be appreciated.

ankitsachdeva22 · ‎11-10-2022

Hii I've column Months getting displayed in the form of 03 but i want to show it like March or Mar. Is there way to do that....I used this result but it shows same result

sudeep5689 · ‎05-29-2020

Hi, the values looked fine in tabular view but in visualization it is causing error, Undefined NAN is coming on top of column chart

richgalloway · ‎05-29-2020

"NAN" means "Not A Number", which is true for any month name.

It appears we have solved the specific problem, but there is a bigger problem which requires a solution. Please post a new question describing that problem.

---
If this reply helps you, Karma would be appreciated.

How to format _time column to display only month name

timechart

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

AppDynamics is now part of Splunk Ideas

Advanced Splunk Data Management Strategies