Solved: How to extract date from a field name in a csv fil...

sc0tt · ‎07-28-2014

I'm struggling with extracting a date value from a field name in a csv file. I have a field named "Status for 2014-28-07". I want to extract the date portion of the field name in order to determine if the file was generated for the current date. I know that having a separate date field would simplify things, but this is how the file is generated.

What's the best way to do this?

martin_mueller · ‎07-28-2014

Take a look at this run-anywhere example:

| stats count | eval "Status for 2014-28-07" = "foo" | foreach "Status for 20*" [eval date = "20<<MATCHSTR>>"]

Result:

Status for 2014-28-07   date
foo                     2014-28-07

View solution in original post

martin_mueller · ‎07-28-2014

Take a look at this run-anywhere example:

| stats count | eval "Status for 2014-28-07" = "foo" | foreach "Status for 20*" [eval date = "20<<MATCHSTR>>"]

Result:

Status for 2014-28-07   date
foo                     2014-28-07

sc0tt · ‎07-28-2014

Brilliant! Just what I needed.

sc0tt · ‎07-28-2014

It is the column header. For example:
Id, Status for 2014-28-07
01, active
02, inactive

strive · ‎07-28-2014

Is this column header OR a value in a column. If it is value in a column then what is the column header name.

How to extract date from a field name in a csv file?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!