Re: How to change week to time format?

hagar71 · ‎02-08-2023

hello everyone,

I have a column which contains week1 , week2 ,week3,week4,week5 and I want an input to the chart to show me the data from week1 to week3 for example or week2 to week5 how could I do that?

bowesmana · ‎02-08-2023

If you want a filter to only show weekX to weekY in your chart, you can use one or two text input boxes do define start/end week numbers. Let's assume you have 2 inputs, with the tokens tok_week_start and tok_week_end, then in your search you can finish the search with something like this

... your chart building search ...
| rex field=week_column "week(?<week_no>\s+)"
| where week_no>=$tok_week_start$ AND week_no<=$tok_week_end$
| fields - week_no

bowesmana · ‎02-08-2023

You can of course do this with a time picker input, but that will not be a week based approach.

I assume you were talking about a dashboard and my comments were related to the classic dashboard use of tokens.

hagar71 · ‎02-09-2023

@bowesmana

I tried

| rex field=Date "week(?<week_no>\s+)"
| where week_no>="week1" AND week_no<="week5"
| fields - week_no

but No results found the column of the weeks called Date

bowesmana · ‎02-09-2023

Should be

| rex field=Date "week\s?(?<week_no>\d+)"
| where week_no>=1 AND week_no<=5
| fields - week_no

regex was wrong in my first example.

How to change week to time format?

CSV

data

field extraction

Thanks for the Memories! Splunk University, .conf25, and our Community

Data Persistence in the OpenTelemetry Collector

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Are you a member of the Splunk Community?