Solved: Re: How to convert a number into a Date

mattheuslima · ‎07-23-2020

Hello, Folks.

I have a field that represents a date but in this format (YY/MM/DD).

For example: on 07/23/20 the field value will be 200723.

I need to transform this value into a date (DD/MM/YY).

I tried to use:

| eval MyDateEpoch=strptime(MyDate,"%Y%m%d")

but doesn't work.

Can you help me ?

to4kawa · ‎07-24-2020

| makeresults
| eval MyDate="200723"
| rex field=MyDate mode=sed "s/(\d\d)(\d\d)(\d\d)/\3\/\2\/\1/"

If MyDate is text, rex is useful.

View solution in original post

to4kawa · ‎07-24-2020

| makeresults
| eval MyDate="200723"
| rex field=MyDate mode=sed "s/(\d\d)(\d\d)(\d\d)/\3\/\2\/\1/"

If MyDate is text, rex is useful.

mattheuslima · ‎07-27-2020

It work!!

Thank you !!!!

isoutamo · ‎07-23-2020

Hi

you should try “%y%m%d” as format string. %y is 99 and %Y is 9999.

r. Ismo

mattheuslima · ‎07-24-2020

Hi, @isoutamo . Thanks for answer!

Unfortunately it doesn't work.

I got this as an answer "Error in 'eval' command: The expression is malformed. Expected AND."

isoutamo · ‎07-24-2020

Please try this:

index=_audit
| head 1
| eval MyDate="200723"
| eval MyDateEpoch=strptime(MyDate,"%y%m%d")
| eval NewDate=strftime(MyDateEpoch, "%d/%m/%y")
| table MyDate MyDateEpoch NewDate

How to convert a number into a Date?

eval

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?