Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to convert Week of Year number to a standard Date format?

mrfredman
Path Finder
‎10-28-2014 02:33 PM

Hi,

I have a set of data where the date is stored as Year/Week of Year.

For example: this week would be 14/43 while the first week of January first would be 14/1.

I would like to convert this into something easily readable, likely Month/Day/Year.

As Week of Year doesn't seem to be a standard time/date variable, I'm having trouble figuring out a solution using time conversion methods. Any pointers would be welcome.

Tags (4)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎10-28-2014 03:43 PM

Assuming your week starts with a Monday, here's a pretty way of doing this:

| stats count | eval in = "2014/43" | eval out = strptime(in." 1", "%Y/%U %w") | eval formatted = strftime(out, "%+")

That yields Monday, October 27th 00:00:00 for me. Change the 1 in the strptime() to 0 if your weeks start with Sunday.

Reply

mschellhouse
Path Finder
‎10-12-2017 01:44 PM

How about if the format is YYYY-MM-WW? ex. 2017-10-41.

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎10-12-2017 02:10 PM

Strip out the month and go from there? The week number should be sufficient.

Alternatively, add the month to the strptime.

0 Karma
Reply

somesoni2
SplunkTrust
SplunkTrust
‎10-28-2014 03:19 PM

Try something like this (runanywhere sample)

|gentimes start=-1 | eval temp="14/43" | table temp |  eval newDate=relative_time(strptime(mvindex(split(temp,"/"),0)."/01/01","%y/%m/%d") + tonumber(mvindex(split(temp,"/"),1))*86400*7 - 86400,"@w") | convert ctime(newDate)

You can use the expression into a macro (eval newDate).

Reply

Raghav2384
Motivator
‎10-28-2014 02:45 PM

Is this based on Fiscal calendar? what i am going to suggest might be the hardest way. Here's what i think should do.
Going by your example, 14/43
i would extract it rex "^.*\/(\d+)\s". Now i should have Week field = 43
A giant if loop , Eval Month = if((Week<=5),"January",if(Week>5 AND Week <=10),February..........)
Now you have both Week and Month fields. Concatenate Year and Month.

0 Karma
Reply

Raghav2384
Motivator
‎10-28-2014 02:53 PM

Sorry the rex is ended up all wrong. "^.*\/(?\d+)\s"

0 Karma
Reply
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2023 Splunk Career Impact Report

We’ve been shouting it from the rooftops! The findings from the 2023 Splunk Career Impact Report showing that ...

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...