Solved: Extracting date from a date string that has many o...

matansocher · ‎08-23-2017

Hi,

I have a field (string) that contains dates. the fields has a few formats and I need to extract the day, month and year from it.
Examples for the values possible of that field:
4/8/2016
4/8/16
04/8/2016
04/8/16
4/08/2016
04/08/2016
31/08/16

I think regex would be a good way to solve it, but I cant figure out how to use it.

Thanks

HiroshiSatoh · ‎08-23-2017

Try this!

ex.)---extract the day->Day

(your search)|rex field=Date "^(?<wk_day>\d+)\/(?<wk_month>\d+)\/(?<wk_year>\d+)$"
| eval wk_day=if(len(wk_day)=2,wk_day,"0"+wk_day),
  wk_month=if(len(wk_month)=2,wk_month,"0"+wk_month),
  wk_year=if(len(wk_year)=4,wk_year,"20"+wk_year)

View solution in original post

HiroshiSatoh · ‎08-23-2017

Try this!

ex.)---extract the day->Day

(your search)|rex field=Date "^(?<wk_day>\d+)\/(?<wk_month>\d+)\/(?<wk_year>\d+)$"
| eval wk_day=if(len(wk_day)=2,wk_day,"0"+wk_day),
  wk_month=if(len(wk_month)=2,wk_month,"0"+wk_month),
  wk_year=if(len(wk_year)=4,wk_year,"20"+wk_year)

matansocher · ‎08-23-2017

Thanks! exactly what I needed

Extracting date from a date string that has many options

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation

Extracting date from a date string that has many options

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits