Solved: Re: change time on date field

_Mauro_Costa_ · ‎03-13-2025

Hello,
I have 2 columns, one with date and other with the day of week
based on day of week whenever is Saturday or Sunday, I want to change the time to 9 am
How can I do this?

submitted	dayweek	result
13/03/2025 14:24	Thursday	13/03/2025 14:24
12/03/2025 09:31	Wednesday	12/03/2025 09:31
11/03/2025 13:45	Tuesday	11/03/2025 13:45
10/03/2025 18:11	Monday	10/03/2025 18:11
09/03/2025 11:21	Sunday	09/03/2025 09:00
08/03/2025 21:55	Saturday	08/03/2025 09:00
07/03/2025 10:24	Friday	07/03/2025 10:24

gcusello · ‎03-13-2025

Hi @_Mauro_Costa_ ,

you could try with:

| eval date=if(dayweek IN (Saturday,Sunday),strftime(strptime(date,"%d/%m/%Y %H:%M"),"%d/%m/%Y 9.00"), date)

Ciao.

Giuseppe

View solution in original post

gcusello · ‎03-13-2025

Hi @_Mauro_Costa_ ,

you could try with:

| eval date=if(dayweek IN (Saturday,Sunday),strftime(strptime(date,"%d/%m/%Y %H:%M"),"%d/%m/%Y 9.00"), date)

Ciao.

Giuseppe

change time on date field

table

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

Join the Conversation