Getting Data In

Remove Time from results

pboynton63
Explorer

Since a picture speaks a thousand words here is what my current results get me:

alt text

As you can search my search gets me Date, Leased IP, and Host Name

I would like the Date field to contain only the date i.e 08/24/2016 and not the hour, minute and second. Is there a way to do that?

Thanks for any help you can throw my way,

P.

Tags (2)
0 Karma
1 Solution

sundareshr
Legend

Add this to your search

... | eval Date=strftime(Date, "%x")

View solution in original post

0 Karma

sundareshr
Legend

Add this to your search

... | eval Date=strftime(Date, "%x")
0 Karma

pboynton63
Explorer

I removed the convert piece as you suggested. That does not seem to have worked if I understood you correctly.
alt text

0 Karma

sundareshr
Legend

Instead of the convert, add this

... | eval Date=strftime(_time, "%x") | fields - _time | ...

pboynton63
Explorer

That did the trick! So many thanks to everyone for the help!

0 Karma

pboynton63
Explorer

Thank you Sundareshr,

Here are the results of your suggestion:

alt text

It seems to have taken the date and time, and what I was looking for was just to remove the hour, minute, and second. I would still like the date e.g. 08/24/2016

But I think we are close!

Again my thanks,

P.

0 Karma

MuS
SplunkTrust
SplunkTrust

Skip the convert - after that you have a string and no longer an epoch value which is required by strftime() to work.

cheers, MuS

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...