Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Is there a way to remove seconds from a table?

jrevolorio
Explorer
‎08-25-2017 01:24 PM

I'm trying to create a report where it shows the date and time; however, when it comes to time I just want it to display the hour and minutes, not the seconds. Is there a way to do that?

Tags (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Grumpalot
Communicator
‎08-25-2017 01:56 PM

@jrevolorio try adding this pipe into your search your search | eval time=strftime(_time, "%H:%M") | your report

What we are doing is taking the _time field and stripping out the Hour and Minute only. If you have another field you are pulling time from you can replace _time for that field. When you create your output you will then use the time field instead.

View solution in original post

Reply
Solved! Jump to solution

DalJeanis
Legend
‎08-25-2017 03:32 PM

You can format it, the way that @richgalloway and @Grumpalot said, or you can actually change the _time to eliminate the seconds like this -

| eval _time = 60*floor(_time/60)

Under the above, the standard output for _time should hide the seconds.

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-25-2017 01:58 PM

Use the fieldformat command. Something like this:

... | fieldformat myField=strftime(myField, "%Y-%m-%d %H:%M")
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution
Solution

Grumpalot
Communicator
‎08-25-2017 01:56 PM

@jrevolorio try adding this pipe into your search your search | eval time=strftime(_time, "%H:%M") | your report

What we are doing is taking the _time field and stripping out the Hour and Minute only. If you have another field you are pulling time from you can replace _time for that field. When you create your output you will then use the time field instead.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...