Hi,
I am using Splunk 4.1.2. I am trying to use fieldformat to format the _time to avoid converting it to string. Following is my search string:
index="someindex" sourcetype="log" | fieldformat mytime=strftime(_time,"%m/%d/%Y %k:%M") | table mytime, account_id
However I am getting the following error:
Search operation 'fieldformat' is
unknown. You might not have permission
to run this operation.
I think I am missing something here. Appreciate all the help I have got on this forum.
Thanks,
Suvelee
... View more