Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I get a substring from a field after the "_" character?

vb1612
New Member
‎02-20-2019 01:26 PM

I have a string as ABCD_20190219_XYZ

I need to get 20190219 like 8 characters after first "_" and than convert that substring to a date.

Thanks

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Vijeta
Influencer
‎02-20-2019 01:54 PM

You can use rex to get the date substring and then use strptime and strftime to date format. Suppose your string is x="ABCD_20190219_XYZ", then use the below command.

rex field=x "_(?<date>\S{8})"| eval time=strptime(date,"%Y%m%d")|eval Date=strftime(time,"%m/%d/%Y")

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Vijeta
Influencer
‎02-20-2019 01:54 PM

You can use rex to get the date substring and then use strptime and strftime to date format. Suppose your string is x="ABCD_20190219_XYZ", then use the below command.

rex field=x "_(?<date>\S{8})"| eval time=strptime(date,"%Y%m%d")|eval Date=strftime(time,"%m/%d/%Y")
0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Seamless IT/OT Security: A Hands-On Look at the Cisco Cyber Vision Splunk Add-on

With just a few clicks, you can ingest critical OT asset details, vulnerabilities, baseline deviations, ...