how to change the below raw time field to yyyy-mm-dd hh:mm:ss
am using the below query and didnt get any result
eval time = strftime(activityDateTime,"%Y-%m-%d %H:%M:%S")
Can someone please help
strftime is used to convert unix timestamp to human readable format.
you should use strptime to convert time which is already in human readable format if you need to format it.
| makeresults | eval activityDateTime="2020-09-09T18:21:12.2685607Z" | eval time = strftime(strptime(activityDateTime,"%Y-%m-%dT%H:%M:%S"),"%Y-%m-%d %H:%M:%S")
Looks like you need to parse the activityDateTime with strptime and then format that with strftime
eval time = strptime(strptime(activityDateTime, "%Y-%m-%dT%H:%M:%S.%Q"),"%Y-%m-%d %H:%M:%S")
Or you could just parse the activityDateTime string into an epoch time and the use fieldformat on the time field for display purposes