Solved: Extracting date from a date string that has many o...

matansocher · ‎08-23-2017

Hi,

I have a field (string) that contains dates. the fields has a few formats and I need to extract the day, month and year from it.
Examples for the values possible of that field:
4/8/2016
4/8/16
04/8/2016
04/8/16
4/08/2016
04/08/2016
31/08/16

I think regex would be a good way to solve it, but I cant figure out how to use it.

Thanks

HiroshiSatoh · ‎08-23-2017

Try this!

ex.)---extract the day->Day

(your search)|rex field=Date "^(?<wk_day>\d+)\/(?<wk_month>\d+)\/(?<wk_year>\d+)$"
| eval wk_day=if(len(wk_day)=2,wk_day,"0"+wk_day),
  wk_month=if(len(wk_month)=2,wk_month,"0"+wk_month),
  wk_year=if(len(wk_year)=4,wk_year,"20"+wk_year)

View solution in original post

HiroshiSatoh · ‎08-23-2017

Try this!

ex.)---extract the day->Day

(your search)|rex field=Date "^(?<wk_day>\d+)\/(?<wk_month>\d+)\/(?<wk_year>\d+)$"
| eval wk_day=if(len(wk_day)=2,wk_day,"0"+wk_day),
  wk_month=if(len(wk_month)=2,wk_month,"0"+wk_month),
  wk_year=if(len(wk_year)=4,wk_year,"20"+wk_year)

matansocher · ‎08-23-2017

Thanks! exactly what I needed

Extracting date from a date string that has many options

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

Extracting date from a date string that has many options

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem