Solved: Re: How to extract a field with date string values...

ashishlal82 · ‎03-08-2018

I extracted a field SNDateCreated (regex shown below), the values in this field are represented as strings.

index="win" source="ad" | rex "wCreated=\d{1,2}\:\d{1,2}\.\d{1,2}\s\w+\,\s\w+\s(?.*?)\s" | table SNDateCreated

My goal is to present SNDateCreated with dates 14 days back from now, it should be sorting based on the values in SNDateCreated rather than event dates.
Expected:
03/08/2018
03/07/2018
03/05/2018
..... going 14 days back.

elliotproebstel · ‎03-08-2018

If you have successfully extracted the dates into SNDateCreated and want to sort reverse-chronologically and retain only those in the last 14 days:

your search
| where date>=strftime(relative_time(now(), "-14d"), "%m/%d/%Y") 
| sort - date

View solution in original post

elliotproebstel · ‎03-08-2018

If you have successfully extracted the dates into SNDateCreated and want to sort reverse-chronologically and retain only those in the last 14 days:

your search
| where date>=strftime(relative_time(now(), "-14d"), "%m/%d/%Y") 
| sort - date

How to extract a field with date string values?

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Join the Conversation

How to extract a field with date string values?

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...