Hi, I am trying to create a timechart report and I want to manipulate the output of the _time field so instead of reading 8/28/14 12:00:00.000 AM that, for example, I can see 8/28/14 or Thursday. Anyone know how to do this? I am not referencing the _time field so removing/modifying it seems tough. This is the last piece of the 7 day search:
index="pan_logs" | timechart span=1d dc(src_user) as "Source" BY firewall
Thanks,
Paul
... View more