Your conversions require that you use the full specification of the timestamp;
Tue, 31 Dec 2013 17:48:19 +0000
First you need to convert it from string to epoch
eval xxx = strptime(your_date_field,"%a, %d %b %Y %H:%M:%S %z")
Then you can convert it back into subparts with the strftime function
eval yyy = strftime(xxx,"%d")
eval zzz = strftime(xxx,"%m-%d")
If the timestamp field you are using for these conversion is the same that is used by Splunk for indexing the event, you can skip the first step and use _time instead. In this case, you may also have the desired subparts extracted in the various date_* fields. Beware though, that these are not adjusted for timezone differences.
see;
www.strftime.net
http://docs.splunk.com/Documentation/Splunk/6.0.1/SearchReference/Commontimeformatvariables
http://docs.splunk.com/Documentation/Splunk/6.0.1/SearchReference/CommonEvalFunctions
/K
... View more