You would have to recompile Wireshark to do so; currently the format is hard-coded, see abs_time_to_str() in epan\to_str.c.

You could post-process the output using the tool of your choice to reformat the date.

You could submit an enhancement request to the Wireshark Bugzilla to add a field that allows the time format to be specified.

If this is still for Splunk, I believe by using Google and looking at their docs (I have never used Splunk) you can specify a time format for import, see Configure Timestamp Recognition and the TIME_FORMAT option. I'll leave the working out of that format as an exercise for the reader, but as a hint look at the examples.
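As an added example of the post-processing route (not part of the original answer, and not Wireshark's own code): a small Python filter that rewrites the time column of `tshark -T fields -e frame.time ...` tab-separated output into ISO 8601 so an importer such as Splunk can recognise it. It assumes the absolute-time layout produced by abs_time_to_str() ("Jan  5, 2023 14:03:22.123456000 UTC": month name, space-padded day, year, time with up to nine fractional digits, optional zone abbreviation); the sample line is constructed.

```python
import re
import sys

# Assumed layout of Wireshark's abs_time_to_str() output, e.g.
# "Jan  5, 2023 14:03:22.123456000 UTC" (day is space-padded, zone optional).
MONTHS = {m: i for i, m in enumerate(
    ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"], start=1)}
ABS_TIME_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}), (?P<year>\d{4}) "
    r"(?P<hh>\d{2}):(?P<mm>\d{2}):(?P<ss>\d{2})(?:\.(?P<frac>\d{1,9}))?"
    r"(?: (?P<tz>\S+))?$")

# Constructed sample line: frame.time, ip.src, ip.dst separated by tabs.
SAMPLE_TSV = ["Jan  5, 2023 14:03:22.123456000 UTC\t10.0.0.1\t10.0.0.2"]


def to_iso8601(wireshark_ts):
    """Convert one Wireshark absolute-time string into ISO 8601.

    Nanosecond digits are kept as text (datetime would truncate to
    microseconds). 'UTC' becomes 'Z'; any other zone abbreviation is
    appended unchanged, since abbreviations are ambiguous and are better
    resolved by the importer's timestamp configuration.
    """
    m = ABS_TIME_RE.match(wireshark_ts.strip())
    if not m or m["mon"] not in MONTHS:
        raise ValueError(f"not a Wireshark absolute time: {wireshark_ts!r}")
    frac = (m["frac"] or "").ljust(9, "0")  # pad to nine digits
    iso = (f"{m['year']}-{MONTHS[m['mon']]:02d}-{int(m['day']):02d}"
           f"T{m['hh']}:{m['mm']}:{m['ss']}.{frac}")
    tz = m["tz"]
    if tz == "UTC":
        return iso + "Z"
    return iso + (f" {tz}" if tz else "")


def rewrite_tsv(lines, time_col=0, sep="\t"):
    """Rewrite the time column of tab-separated tshark field output."""
    out = []
    for line in lines:
        fields = line.rstrip("\n").split(sep)
        fields[time_col] = to_iso8601(fields[time_col])
        out.append(sep.join(fields))
    return out


if __name__ == "__main__":  # usage: tshark ... -T fields -e frame.time ... | python3 this.py
    sys.stdout.write("\n".join(rewrite_tsv(sys.stdin)) + "\n")
```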