The following sample Splunk search converts a range of date formats to a common target format. In the parsing phase, _time can have a range of timeformat parses executed in the pipeline, using the case command on sourcetype.
index=zip_logfiles
| convert timeformat="%A %e %B %Y" ctime(_time) AS formatOne
| convert timeformat="%e %B %Y" ctime(_time) AS formatTwo
| convert timeformat="%A %e %B" ctime(_time) AS formatThree
| convert timeformat="%A %e %Y" ctime(_time) AS formatFour
| eval my_date=case(sourcetype==one, formatOne,
sourcetype==two, formatTwo,
sourcetype==three, formatThree,
sourcetype=four, formatFour)
| stats sparkline count, sum(duration) as total_Durations by my_date
... View more