How to dynamically put today's date in the source ...

Bhuavana · ‎02-02-2015

Hi Team,

How do I dynamically put today's date value in the source field of an xml input value?

I have the search below where I need to dynamically put today's date in the source field having xml as input value. Currently i have hardcoded 2015-02-03 but it should take today's date in the future.

index=test source="/env/transactionlog/aaa_Logs/TL_aaa_WUCARD_LOOKUP_2015-02-03.xml" | rex field=_raw "(?P[^<]+)" | stats count by Tran

Please suggest how to achieve this?

MuS · ‎02-03-2015

Hi Bhunavana,

take this example:

index=_internal [| gentimes start=-1 | eval source="foo.boo-" + strftime(now(), "%Y-%m-%d") | return source]

this will translate to this Splunk litsearch:

litsearch index=_internal source="foo.boo-2015-02-03"

So using your provided search try something like this:

index=test [| gentimes start=-1 | eval source="/env/transactionlog/aaa_Logs/TL_aaa_WUCARD_LOOKUP_" + strftime(now(), "%Y-%m-%d") + ".xml" | return source ] | rex field=_raw "(?P[^<]+)" | stats count by Tran

Hope this helps ...

cheers, MuS

How to dynamically put today's date in the source field of an xml input value?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Are you a member of the Splunk Community?

How to dynamically put today's date in the source field of an xml input value?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine