Re: table export displays different date format

voltaireb · ‎11-04-2011

Hi All, If I create a custom report using a table, the date displays and outputs in the browser fine:
11/1/11 5:35:20.000 PM

However, when I export the custom report to CSV, the date does not display as the browser:
2011-11-01T17:35:20.000-05:00

Any idea how I can get the CSV date to appear like what's displayed in the browser?

obesechicken13 · ‎11-30-2012

I think this occurs when you create a time chart and export that data. I don't think you can add a field to a timechart just like that.
timechart count by domain,_time
returns _time not valid.

You can go to excel and convert the date manually.

So as an example you can use the datevalue or date functions in excel.
datevalue("2012-11-30")+B2/24
when 2012-11-30 is the first date of your splunk data
and your data has a span of an hour (24)
and column B in excel is a bunch of numbers starting from 0 and incrementing by 1 every row down.

DanielBC · ‎03-19-2012

You can add an additional formatted time field to your query to format the date/time into something a little easier to read with: '| convert ctime(_time) as time'

When you export the data you can remove the _time field from the CSV and use the new 'time' field instead.

table export displays different date format

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

New in Observability Cloud - Explicit Bucket Histograms