topic How to use regex to extract date? in Splunk Search https://community.splunk.com/t5/Splunk-Search/How-to-use-regex-to-extract-date/m-p/431204#M123258 <P>Hello experts , I need some help in extracting date time from the attribute "SrcDtm" in below sample data.</P> <PRE><CODE>&lt;GI SrcDtm="2019-04-18T18:23:47Z" SrcTmOff="-07:00" SrcAppCd="ABC" SrcCtryCd="IN" SrcFcId="ABCABC" SrcSrvaCd="ABC" SrcFcCd="ABC" CorrId="469429d1-00cd-49a3-906f-fce27fdb4d0c" /&gt; </CODE></PRE> Thu, 25 Apr 2019 11:28:13 GMT kirangurram 2019-04-25T11:28:13Z How to use regex to extract date? https://community.splunk.com/t5/Splunk-Search/How-to-use-regex-to-extract-date/m-p/431204#M123258 <P>Hello experts , I need some help in extracting date time from the attribute "SrcDtm" in below sample data.</P> <PRE><CODE>&lt;GI SrcDtm="2019-04-18T18:23:47Z" SrcTmOff="-07:00" SrcAppCd="ABC" SrcCtryCd="IN" SrcFcId="ABCABC" SrcSrvaCd="ABC" SrcFcCd="ABC" CorrId="469429d1-00cd-49a3-906f-fce27fdb4d0c" /&gt; </CODE></PRE> Thu, 25 Apr 2019 11:28:13 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-regex-to-extract-date/m-p/431204#M123258 kirangurram 2019-04-25T11:28:13Z Re: How to use regex to extract date? https://community.splunk.com/t5/Splunk-Search/How-to-use-regex-to-extract-date/m-p/431205#M123259 <P>Do you already have those key value pairs extracted as fields? If so, you don't need a rex, just a conversion to timestamp:</P> <PRE><CODE>| eval DateTime = strptime(SrcDtm,"%Y-%m-%dT%H:%M:%SZ") </CODE></PRE> <P>If you have not extracted key value pairs yet, rex would be one way to do that:</P> <PRE><CODE>| rex "SrcDtm=\"(?&lt;SrcDtm&gt;[^\"]+)\"" | eval DateTime = strptime(SrcDtm,"%Y-%m-%dT%H:%M:%SZ") </CODE></PRE> Thu, 25 Apr 2019 11:45:20 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-regex-to-extract-date/m-p/431205#M123259 FrankVl 2019-04-25T11:45:20Z Re: How to use regex to extract date? https://community.splunk.com/t5/Splunk-Search/How-to-use-regex-to-extract-date/m-p/431206#M123260 <P>Like this:</P> <PRE><CODE>... | rex "SrcDtm=\"(?&lt;SrcDtm&gt;[^\"]+)" </CODE></PRE> Fri, 26 Apr 2019 04:45:48 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-regex-to-extract-date/m-p/431206#M123260 woodcock 2019-04-26T04:45:48Z