Splunk Search

How to make a string date UI sortable like _time?

nick405060
Motivator

I have a string date field and would like to sort it in a table by clicking the field.

No, I do not want it displayed as epoch.

How can I do this?

0 Karma
1 Solution

nick405060
Motivator

fieldformat:

| makeresults | eval a="11/4/2018" | append [| makeresults | eval a ="1/5/2019"] | sort 0 a | eval a=strptime(a,"%m/%d/%Y") | fieldformat a=strftime(a,"%m/%d/%Y") | table a

View solution in original post

0 Karma

nick405060
Motivator

fieldformat:

| makeresults | eval a="11/4/2018" | append [| makeresults | eval a ="1/5/2019"] | sort 0 a | eval a=strptime(a,"%m/%d/%Y") | fieldformat a=strftime(a,"%m/%d/%Y") | table a

View solution in original post

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!