So my original data looks like this:
AUDIT_CREATED_TS
7/17/2018 1:15:30 AM
7/17/2018 1:10:30 AM
7/17/2018 1:05:41 AM
:
:
But how do I change the data into this format via Splunk?
AUDIT_CREATED_TS
7/17/2018
7/17/2018
7/17/2018
:
:
Using this still does not help me:
...| convert timeformat="%m/%d-%Y" ctime(AUDIT_CREATED_TS) AS ctime
Doing this does not work too (AUDIT_CREATED_TS still in "%m/%d/%Y %H:%M:%S %AM/%PM" format, not %m/%d/%Y format I want)
... | eval AUDIT_CREATED_TS=strftime(AUDIT_CREATED_TS,"%m/%d/%Y")
... View more