Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

timechart day of week

ewanbrown
Path Finder
‎12-08-2014 08:24 AM

Hi,

I have a report which is a basic timechart, but in the output like to put the day of week as well as the day

So Monday 8 December

rather than

8 December

Is this possible?

Thanks

0 Karma
Reply

chimell
Motivator
‎12-12-2014 04:36 AM 
    Try your search code like this : 

 your search here .... | convert timeformat="%A %d %B " ctime(_time) AS c_time |chart count by c_time

    it will give you the date format that you want. E.g : Monday 10 february  in X-Axis
0 Karma
Reply

somesoni2
Revered Legend
‎12-08-2014 08:59 AM

Try the accepted answers from below post

http://answers.splunk.com/answers/154266/how-to-change-format-for-time-field-values-to-display-in-ti...

Reply

aholzer
Motivator
‎12-08-2014 08:36 AM

You can use the convert command. Select from these options the proper format you wish the date to show up in. Here's an example:

your search here... | convert timeformat="%A %d %B" ctime(_time)

This should result in changing the _time field to strings of the format: ["Full weekday name" "numerical Day of the month" "Full month name"], example: "Monday 08 December".

Hope this helps

Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...