Re: table export displays different date format

voltaireb · ‎11-04-2011

Hi All, If I create a custom report using a table, the date displays and outputs in the browser fine:
11/1/11 5:35:20.000 PM

However, when I export the custom report to CSV, the date does not display as the browser:
2011-11-01T17:35:20.000-05:00

Any idea how I can get the CSV date to appear like what's displayed in the browser?

obesechicken13 · ‎11-30-2012

I think this occurs when you create a time chart and export that data. I don't think you can add a field to a timechart just like that.
timechart count by domain,_time
returns _time not valid.

You can go to excel and convert the date manually.

So as an example you can use the datevalue or date functions in excel.
datevalue("2012-11-30")+B2/24
when 2012-11-30 is the first date of your splunk data
and your data has a span of an hour (24)
and column B in excel is a bunch of numbers starting from 0 and incrementing by 1 every row down.

DanielBC · ‎03-19-2012

You can add an additional formatted time field to your query to format the date/time into something a little easier to read with: '| convert ctime(_time) as time'

When you export the data you can remove the _time field from the CSV and use the new 'time' field instead.

table export displays different date format

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Join the Conversation

table export displays different date format

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community