How to Format Dates in Splunk Email Reports for Im...

KingUs80 · ‎09-30-2024

I'm trying to resolve an issue where Splunk sends email reports, but the information exported as an attachment uses a "chron number" format for dates instead of a more readable format like "September 30, 2024." Where can I implement a fix for this, and how can I do it?

KingUs80 · ‎09-30-2024

I finally identified the mistake I was making, and the issue has been resolved. Thank you for your reponse!

KingUs80 · ‎09-30-2024

I finally identified the mistake I was making, and the issue has been resolved. Thank you so much for your reponse!

richgalloway · ‎09-30-2024

How did you correct it? Please share to help others.

---
If this reply helps you, Karma would be appreciated.

marnall · ‎09-30-2024

This might work:

<yoursearch>
| eval <yourdisplayedtimefield> = strftime(<youroriginaltimefield>, "%B %e, %Y")

And here is a good reference website for picking the string format characters: https://strftime.net/

richgalloway · ‎09-30-2024

Please tell us more. Are the emailed reports built-in to Splunk or custom (created by your organization)? If the latter, please share the SPL used to generate the reports so we can suggest changes that will improve the readability.

I take it by "chron number" you're referring to dates in integer ("epoch") format - the number of seconds since 1/1/1970. If so, the report probably just needs to use the strftime function to change the format into something easier to read.

---
If this reply helps you, Karma would be appreciated.

How to Format Dates in Splunk Email Reports for Improved Readability

correlation search

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?