I have a field DATE_OF_BIRTH and the values are like
1962-09-30 00:00:00.0
1955-10-21 00:00:00.0
1988-10-31 00:00:00.0
I am firing the below query,
index=aimsprod source=accident splunk_server=alpputl018 *100172697* OR *100172679* | fieldformat dobtime=strptime(DATE_OF_BIRTH,"%Y-%m-%d %H:%M:%S") | table DATE_OF_BIRTH,dobtime
The **dobtime** field only gives output for the value 1988-10-31 00:00:00.0.
Why it does not give output for the other 2 above mentioned values?![alt text][1]
[1]: /storage/temp/170221-untitled.png
↧