Solved: How to create a new field with similar values?

beepbop · ‎08-29-2023

Hi, I have a data with the following dates under the field "Warranty_End_Date"

Warranty_End_Date	Manufacturer
4/1/2026	Lenovo
4/8/2026	Lenovo
1/9/2026	Acer
4/1/2025	Apple
19/7/2023	Acer
4/1/2026	Acer
4/4/2026	HP
8/1/2028	Lenovo
10/1/2022	Lenovo
4/1/2026	Apple
4/1/2026	Apple
4/1/2026	Lenovo
4/1/2026	Lenovo
4/1/2026	Lenovo
4/3/2026	Lenovo
4/3/2026	Lenovo

I want to create a new field with the similar values wrt Warranty_End_Date
Tried the command eval WarEnd = case("Warranty_End_Date" = "*2026", "2026", 1=1, "NA") and similarly for other years but got no proper output

gcusello · ‎08-29-2023

Hi @beepbop,

let me understand, you want to create a new field, where id the year of "Warranty_End_Date" is 2026, you want to put 2026, otherwise "NA", is it correct?

if this is your requirement, you could try something like this:

| eval WarEnd=if(strftime(strptime("Warranty_End_Date","%d/%m/%Y"),"%Y")= "2026", "2026", "NA")

Ciao.

Giuseppe

View solution in original post

gcusello · ‎08-29-2023

Hi @beepbop,

let me understand, you want to create a new field, where id the year of "Warranty_End_Date" is 2026, you want to put 2026, otherwise "NA", is it correct?

if this is your requirement, you could try something like this:

| eval WarEnd=if(strftime(strptime("Warranty_End_Date","%d/%m/%Y"),"%Y")= "2026", "2026", "NA")

Ciao.

Giuseppe

beepbop · ‎08-29-2023

Yes, the solution works, thanks @gcusello !

How to create a new field with similar values?

eval

fields

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation