Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to make another field as date field instead of _time?

vrmandadi
Builder
‎02-20-2018 02:45 PM

I am doing a chart command on two fields as below

index=main sourcetype=csv "Site "=* "Content "=* | chart count( Views) by "Event Date"

The above command gives the count of view for each event date

Event Date count( Views)
2/14/2018 408960
2/15/2018 427769

but when I select the date range from the time picker the data is not changing,how can I make the "Event data" change on selecting the desired date range

Tags (2)
0 Karma
Reply

mayurr98
Super Champion
‎02-21-2018 12:11 AM

You can change the _time to have values from field Event Date, at search time like this, but note that the time range will still apply from the older value of _time.

your base search | eval _time=strptime("Event Date","%m/%d/%Y")  | timechart span=1d count( Views)

let me know if this helps!

0 Karma
Reply

vrmandadi
Builder
‎02-21-2018 06:50 AM

I tried this before but it does not show any results and other thing is that all the interesting and selected fields will not be seen

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...