Solved: Re: Extracting date from a date string that has ma...

matansocher · ‎08-23-2017

Hi,

I have a field (string) that contains dates. the fields has a few formats and I need to extract the day, month and year from it.
Examples for the values possible of that field:
4/8/2016
4/8/16
04/8/2016
04/8/16
4/08/2016
04/08/2016
31/08/16

I think regex would be a good way to solve it, but I cant figure out how to use it.

Thanks

HiroshiSatoh · ‎08-23-2017

Try this!

ex.)---extract the day->Day

(your search)|rex field=Date "^(?<wk_day>\d+)\/(?<wk_month>\d+)\/(?<wk_year>\d+)$"
| eval wk_day=if(len(wk_day)=2,wk_day,"0"+wk_day),
  wk_month=if(len(wk_month)=2,wk_month,"0"+wk_month),
  wk_year=if(len(wk_year)=4,wk_year,"20"+wk_year)

View solution in original post

HiroshiSatoh · ‎08-23-2017

Try this!

ex.)---extract the day->Day

(your search)|rex field=Date "^(?<wk_day>\d+)\/(?<wk_month>\d+)\/(?<wk_year>\d+)$"
| eval wk_day=if(len(wk_day)=2,wk_day,"0"+wk_day),
  wk_month=if(len(wk_month)=2,wk_month,"0"+wk_month),
  wk_year=if(len(wk_year)=4,wk_year,"20"+wk_year)

matansocher · ‎08-23-2017

Thanks! exactly what I needed

Extracting date from a date string that has many options

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard

Are you a member of the Splunk Community?

Extracting date from a date string that has many options

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard