Solved: How to extract just the date from a timestamp conv...

ECovell · ‎10-20-2015

I have a conversion set up to change the epoch time | convert ctime(_time) as date time. I would like to keep just the date and ditch the time function.

The field looks like this: 10/20/2015 06:30:15

Thank you for any help

ppablo · ‎10-20-2015

Hi @ECovell

You could use the timeformat argument for convert to specify the format you want right away.

|convert timeformat="%m/%d/%Y" ctime(_time) AS date

Or you could use the eval strftime function instead and specify the format.

|eval date=strftime(_time, "%m/%d/%Y")

View solution in original post

ppablo · ‎10-20-2015

Hi @ECovell

You could use the timeformat argument for convert to specify the format you want right away.

|convert timeformat="%m/%d/%Y" ctime(_time) AS date

Or you could use the eval strftime function instead and specify the format.

|eval date=strftime(_time, "%m/%d/%Y")

ECovell · ‎10-21-2015

Thank you so very much!!

ppablo · ‎10-21-2015

You're very welcome 🙂

AdsicSplunk · ‎04-04-2018

Hi @ppablo_splunk,

Can we use the above in alerts as well? For example:- $job.earliestTime$ gives me "2018-04-04T00:00:00.000+04:00" wheras I want only "2018-04-04".

nikitasharma96 · ‎10-30-2023

HI everyone

did you find this answer? i am also looking for same.

covert time stamp 2023-10-20T05:30:00+05:30 to date

@AdsicSplunk @ECovell @ppablo @splunkdate

@Rex @Eval

How to extract just the date from a timestamp converted from epoch time?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!