Dashboards & Visualizations

How to extract Date from Day format

aditsss
Motivator

Hi All,

I have one field Rundatetime which is in below format:

10/25/2020 3:57

10/16/2020 5:22

I just want to extract Date from it as below:

10/25/2020

10/16/2020

How can I do that. Can someone guide me

My current query is this:

| inputlookup mnr_rally_defects2.csv| table Rundatetime 

Labels (3)
0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @aditsss,

for this reason I hinted to use rex instead substr!

Try again with my rex hint.

Ciao.

Giuseppe

View solution in original post

gcusello
SplunkTrust
SplunkTrust

Hi @aditsss,

you can use the solution of @termcap, that surely works, or the following regex:

 

| rex field=Rundatetime "^(?<date>[^ ]+)"

 

Ciao.

Giuseppe 

0 Karma

aditsss
Motivator

@gcusello 

I am not getting all the dates correct :

1/8/2021 3:
1/9/2021 3:
10/16/2020
10/17/2020
10/20/2020
10/25/2020
10/27/2020
11/14/2020
11/17/2020
11/18/2020
12/2/2020 3
12/24/2020
12/30/2020

 

Getting some values like below.

 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @aditsss,

for this reason I hinted to use rex instead substr!

Try again with my rex hint.

Ciao.

Giuseppe

aditsss
Motivator

@gcusello 

I used like  this:

 

| inputlookup mnr_rally_defects1.csv| rex field=rundatetime "?(?<date>[^ ]+)"| table date

getting below error:

Error in 'rex' command: Encountered the following error while compiling the regex '?(?<date>[^ ]+)': Regex: quantifier does not follow a repeatable item.

 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @aditsss,

sorry!

there was a typing error, please try this:

| rex field=Rundatetime "^(?<date>[^ ]+)"

Ciao.

Giuseppe

0 Karma

termcap
Path Finder

 

| inputlookup mnr_rally_defects2.csv| eval date_today=substr(Rundatetime ,1,11)

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...