Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to format timechart time values easily

ericrobinson
Path Finder
‎08-28-2013 02:07 PM

Not a splunk newbie, but I cant seem to figure out how to format my timechart values to be readable. The default format:

2013-08-28T14:30:00.000-04:00

Is not ideal for reading, and is normally too much information.

Tags (1)
0 Karma
Reply

Ayn
Legend
‎08-28-2013 02:12 PM

Use fieldformat to create the format you want.

... | timechart ... | fieldformat _time=strftime(_time,"%+")

For some inspiration on format strings, visit http://strfti.me/

Reply

Ayn
Legend
‎08-29-2013 09:37 AM

I personally check the strftime man pages on any UNIX system I happen to have nearby. They're available on the web too, of course: http://linux.die.net/man/3/strftime for instance.

0 Karma
Reply

ericrobinson
Path Finder
‎08-29-2013 09:11 AM

This seems to work great, but where can I find the options for strftime? I dont see a "%+" formatting option from your link..

0 Karma
Reply

sowings
Splunk Employee
Splunk Employee
‎08-28-2013 04:36 PM

(Not having tried this yet...) does it keep the format for any tooltips as well?

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...