I have a CSV file uploaded via "lookup Editor" and my "Scan Date" column has the following time format:
11/19/2019 11:13:53 AM
I want Splunk to recognize this time format so that I can tell it to display everything older than 7 days from now.
The first step was to change it to epoch, to then change it to the 11/19/2019 format, excluding the hours, minutes and seconds.
| eval "epoch"= strptime("Scan Date","%m/%d/%Y %I:%M:%S %p")
But I don't see anything when I:
table "epoch"
What am I missing?