Re: table export displays different date format

voltaireb · ‎11-04-2011

Hi All, If I create a custom report using a table, the date displays and outputs in the browser fine:
11/1/11 5:35:20.000 PM

However, when I export the custom report to CSV, the date does not display as the browser:
2011-11-01T17:35:20.000-05:00

Any idea how I can get the CSV date to appear like what's displayed in the browser?

obesechicken13 · ‎11-30-2012

I think this occurs when you create a time chart and export that data. I don't think you can add a field to a timechart just like that.
timechart count by domain,_time
returns _time not valid.

You can go to excel and convert the date manually.

So as an example you can use the datevalue or date functions in excel.
datevalue("2012-11-30")+B2/24
when 2012-11-30 is the first date of your splunk data
and your data has a span of an hour (24)
and column B in excel is a bunch of numbers starting from 0 and incrementing by 1 every row down.

DanielBC · ‎03-19-2012

You can add an additional formatted time field to your query to format the date/time into something a little easier to read with: '| convert ctime(_time) as time'

When you export the data you can remove the _time field from the CSV and use the new 'time' field instead.

table export displays different date format

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join the Conversation

table export displays different date format

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk