Re: How to add a Date Field into my search and das...

dvadithala · ‎11-23-2015

Hi,

I'm completely new to Splunk and using Light version for evaluation. How can I add a date field into my search and also to the dashboard? I have Timestamp, date_mday, date_wday, date_hour etc.

But I wanted a date field for persistent field and also I wanted to use in my dashboard.

Please help.

Thanks,
Me

jedatt01 · ‎11-23-2015

If I understand what you are asking correctly, try adding this to your query to create a date field with the time stripped off. It is derived from the _time field which is Splunk's internal representation of your event date/timestamp

| eval mytime=strftime(_time, "%Y%m%d")

Does that answer your question?

dvadithala · ‎11-24-2015

Thanks for replying back. I don't understand it. Sorry, it's me, as I'm beginner. Based on your response. I've added your expression as following under "Edit Search String" in the dashboard. But it doesn't show the dates.

Severity=Error | eval mytime=strftime(_time, "%Y%m%d")

How can I add Date field as a field, like Timestamp, date_mday etc?

Thanks again.
Me

jedatt01 · ‎11-24-2015

when you use the eval command it will create a new field. In this case it's called mytime. You can use mytime just like you would use Timestamp or date_mday.

How to add a Date Field into my search and dashboard in Splunk Light?

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk