Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

date and month recognition from soruce file name for timepicker implementation

realajay89
Explorer
‎10-06-2014 06:52 AM

i am trying to implement Time picker for my dashboard . the dashboard gives monthly statistics .
my source data doesn't have any date or month or any timestamp ..
my source file name is " BTM_Net_July.csv" and BTM_Net_august.csv"
now as i select date ranges in splunk . i would like to get the results on the dashboard for that particular month.
i want the timepicker to pick the date from the source filename .
how is it possible . can anyone guide me .
Thanks

0 Karma
Reply

theouhuios
Motivator
‎10-06-2014 08:48 AM

You can write a search to populate that. basically a rex should do it .

When the data is indexed is splunk placing the timestamp? There will be a _time value which will denote the time of the event ( In your case its very likely that splunk places the timestamp of when the file was indexed instead of the _time of event). So if a file in july has been indexed in Aug it might place the date in Aug when the file has been indexed as the _time value.

Coming back to rex

<| rex field=source "BTM_NET_(?\w+)\.">

will give you the month. To limit the data to this you might want to do this if the _time value becomes an issue.

   sourcetype=<yoursourcetype> source=*$Month$.csv | <remainingsearch>
0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...