Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to format _time column to display only month name

sudeep5689
Explorer
‎05-28-2020 09:01 AM

Hi i have a column _time getting displayed in the results due to timechart used in the query. Its currently getting displayed in the form of 03-2020 but i want to show it like March or Mar. Is there a way to do that?

Labels (1)
Labels
Tags (3)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-28-2020 09:55 AM

One of these should work. %B gives the full month name. Use %b for the abbreviated name.

... | fieldformat _time=strftime(_time, "%B")

... | eval _time = strftime(_time, "%B")
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

ankitsachdeva22
New Member
‎11-10-2022 04:29 AM

Hii I've column Months getting displayed in the form of 03 but i want to show it like March or Mar. Is there way to do that....I used this result but it shows same result

 

 

 

 

 

 

0 Karma
Reply

sudeep5689
Explorer
‎05-29-2020 03:04 AM

Hi, the values looked fine in tabular view but in visualization it is causing error, Undefined NAN is coming on top of column chart

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-29-2020 06:00 AM

"NAN" means "Not A Number", which is true for any month name.

It appears we have solved the specific problem, but there is a bigger problem which requires a solution. Please post a new question describing that problem.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...