hi there- I tried a few things already, but looking to get guidence on this one- I am using the LDAP query module in Splunk to dump out directory information and then present into a simple table, and running into a challenge simplifying extraction of the date from the AD account creation field: | ldapsearch basedn="XXXXXXXXXXX" search="(&(objectCategory=user)(objectClass=user)(distinguishedName=*))" attrs="displayName,distinguishedName,mail,lastLogonTimestamp,whenCreated" I want to simplify presentation of the two date and time fields: lasLogonTimestamp and whenCreated. What I get with these fields today when I output to a table (example) 2019-05-06 16:53:24+00:00 What I want to see: 2019-05-06 What I have tried: adding in: | eval Created=strftime(whenCreated,"%Y%m%d") | prior to my table command. this seems to result in nothing being populated in the new field (I am expecting just a date value) ...I am not sure if the strftime command is correct when it comes to this format of data... thoughts welcomed as always
... View more