Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I change time format in dashboard?

joseph_mbimbi
Engager
‎09-21-2022 05:15 AM

Hello,
I would like to display dates in a dashboard studio table,
i want the format to be "%Y-%m-%d" but it is not displayed as such.

Here is the spl excerpt:

 

 

| eval vuln_publication_date_string = strftime(normalized_publication_time,"%Y-%m-%d")

 

 



Here is the result of the search associated with the table. The type of the field is a string

joseph_mbimbi_1-1663762858215.png

 

 

 



And here the table itself. I guess it is due to the format, but i cannot change it

joseph_mbimbi_2-1663763068899.png

 


Does anybody have an idea how to force the format in the table ?
Thank you

Labels (3)
Labels
Tags (1)
Reply

sbarnes_nj
Explorer
‎01-17-2023 10:34 AM

I'd like to add one tip to the advice given above: Dashboard Studio will not recognize that a column is a "time" unless it's already in ISO 8601 format or some subset thereof.  It's much more strict than Splunk's forwarders and indexers! You need to use strptime()/strftime() to reformat if necessary. Then, according to the not-so-easy-to-find Splunk UI docs you can use MomentJS formatting strings  as shown above.

Reply

eholz1
Contributor
‎01-18-2023 08:18 AM

The links you provided in your "tip" are excellent!!

Thanks!! And it is really easy to format dates in a DB Studio table using the "format column" feature.

 

Thanks for the tip,

eholz1

0 Karma
Reply

eholz1
Contributor
‎12-01-2022 10:03 AM

I have the same issue as well. If I ever figure it out I will post. It is a real pain!

Here is on post I found, but the search uses a real string:

| makeresults | eval field1="2017-10-05T16:00:00Z"
| eval new_field=strftime(strptime(field1,"%Y-%m-%dT%H:%M:%SZ")+28800,"%Y-%m-%d %H:%M:%S")
| table new_field

I have yet to figure out how to apply this to something like this:

| eval Date = strftime(_time, "%Y-%m-%d %H:%M:%S")

the eval above works fine in a SimpleXML dashboard but NOT dashboard studio!

eholz1

0 Karma
Reply

eholz1
Contributor
‎12-01-2022 12:00 PM

Finally figured it out.

1. select the table/fied you want to format

Then get in the edit mode: look for "Column Formatting", select the field you want to format,

and click the tip icon -

Display the field enter formatting:

Success!

eholz1

here:

eholz1_0-1669924992152.png

date_format.JPG

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...