Knowledge Management

Extracting the date from a filename without modifying the datetime.xml

mahbs
Path Finder

Hi,

I'm trying to extract the date from a filename without having to configure the config.file, i want to be able to achieve this through the search panel.

This is my file name: name_name_20171130.txt

This is the regular expression I've found that is the closest to helping me achieve what I need:

source="name_name_20171130.txt" host="xxx" |   rex field= source="(?<date>[\d/]+)\s\w+" |table _raw 
ITEM, SOH_DIFF, field

Alternatively, this expression: (?\d{8})

Please Help!

Tags (1)
0 Karma
1 Solution

harsmarvania57
SplunkTrust
SplunkTrust

Hi

Can you please try this query, it will extract date from your source file name in date field.

source="name_name_20171130.txt" host="xxx" |   rex field=source "(?:[^\_]*\_){2}(?<date>.*)\.txt" |table _raw, ITEM, SOH_DIFF, date

I hope this helps.

Thanks,
Harshil

View solution in original post

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Hi

Can you please try this query, it will extract date from your source file name in date field.

source="name_name_20171130.txt" host="xxx" |   rex field=source "(?:[^\_]*\_){2}(?<date>.*)\.txt" |table _raw, ITEM, SOH_DIFF, date

I hope this helps.

Thanks,
Harshil

0 Karma

mahbs
Path Finder

Thank you!

0 Karma
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:





Or Learn More in Our Blog >>