Re: How to change week to time format?

hagar71 · ‎02-08-2023

hello everyone,

I have a column which contains week1 , week2 ,week3,week4,week5 and I want an input to the chart to show me the data from week1 to week3 for example or week2 to week5 how could I do that?

bowesmana · ‎02-08-2023

If you want a filter to only show weekX to weekY in your chart, you can use one or two text input boxes do define start/end week numbers. Let's assume you have 2 inputs, with the tokens tok_week_start and tok_week_end, then in your search you can finish the search with something like this

... your chart building search ...
| rex field=week_column "week(?<week_no>\s+)"
| where week_no>=$tok_week_start$ AND week_no<=$tok_week_end$
| fields - week_no

bowesmana · ‎02-08-2023

You can of course do this with a time picker input, but that will not be a week based approach.

I assume you were talking about a dashboard and my comments were related to the classic dashboard use of tokens.

hagar71 · ‎02-09-2023

@bowesmana

I tried

| rex field=Date "week(?<week_no>\s+)"
| where week_no>="week1" AND week_no<="week5"
| fields - week_no

but No results found the column of the weeks called Date

bowesmana · ‎02-09-2023

Should be

| rex field=Date "week\s?(?<week_no>\d+)"
| where week_no>=1 AND week_no<=5
| fields - week_no

regex was wrong in my first example.

How to change week to time format?

CSV

data

field extraction

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Are you a member of the Splunk Community?