# Revision history

### Tshark -d option to format date doesn't work

Tshark's driving me mad! I want to parse a trace and output as csv with headers and I want the date format in UTC. Instead I always get the long format like "May 20, 2020 17:34:23.241938000 Eastern Daylight Time".

My current attempt is using the following, which according to this post can be done with -t ud, but it doesn't affect the output. For instance:

```
tshark -r in.pcap -Y frame.number==1 -E header=y  -E separator=',' -t ud -T fields -e frame.time
```


I also explored the -o gui.column.format option (which is tricky to get working in PowerShell, but I did). I was able to format the date properly using that method, but I didn't see a way to add comma separators or headers.

My long-term goal is to dump TCP parameters so that I can import into Splunk and design charts to understand slow uploads and TCP congestion. Wireshark takes too long to chart and crashes frequently. And a previously mentioned tool like TCP trace is archaic, stating that maybe it'll work on Win2000 :) Splunk integration would also be nice because I could correlate with other log data that is already imported.

Doesn't anybody know why -d option doesn't work?

Thanks -Paul
