Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

To findout month and week from a Field

kml_uvce
Builder
‎02-22-2012 01:59 AM

I have a field like in this format 2012-02-11
This field is in many events with diffrent year-month-day.

I want to make a search in which I can extaract information wrt month and week from this field.
How I can do this

kamal singh bisht
Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎02-22-2012 02:13 AM 
... | rex field=yourfield "(?<year>.+?)-(?<month>.+?)-(?<day>.+)"

Substitute yourfield with whatever your field is called.

View solution in original post

Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎02-22-2012 02:13 AM 
... | rex field=yourfield "(?<year>.+?)-(?<month>.+?)-(?<day>.+)"

Substitute yourfield with whatever your field is called.

Reply
Solved! Jump to solution

Ayn
Legend
‎02-22-2012 04:51 AM

Excellent. Could you please mark my answer as accepted? Thanks!

0 Karma
Reply
Solved! Jump to solution

kml_uvce
Builder
‎02-22-2012 04:09 AM

Thanks this works for me now...

kamal singh bisht
0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎02-22-2012 04:07 AM

With all due respect: http://lmgtfy.com/?q=strftime

0 Karma
Reply
Solved! Jump to solution

kml_uvce
Builder
‎02-22-2012 04:05 AM

I am not able to find out the complete doc for strftime, can you make this search ?

kamal singh bisht
0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎02-22-2012 02:41 AM

Yes, using the same technique. Look up all strftime parameters, there are many different ones.

0 Karma
Reply
Solved! Jump to solution

kml_uvce
Builder
‎02-22-2012 02:40 AM

cool it works , also is there any way to find month name also (jan ,feb etc) form search?

kamal singh bisht
0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎02-22-2012 02:31 AM

Correcting myself - apparently strftime can handle this, using the %u (week starting on Monday) or %U (week starting on Sunday) parameter!

You could do something like this to get the week number:

eval week=strftime(strptime(yourfield,"%Y-%m-%d"),"%U")
0 Karma
Reply
Solved! Jump to solution

kml_uvce
Builder
‎02-22-2012 02:24 AM

I mean to say that I want week number from this search so that I can make chart wrt week number

kamal singh bisht
0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎02-22-2012 02:24 AM

Not easily done, as that will change from year to year. Your best bet would probably be to create a lookup file that maps dates to week numbers and use that.

0 Karma
Reply
Solved! Jump to solution

kml_uvce
Builder
‎02-22-2012 02:22 AM

yes, its week number

kamal singh bisht
0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎02-22-2012 02:20 AM

What do you mean by week, week number?

0 Karma
Reply
Solved! Jump to solution

kml_uvce
Builder
‎02-22-2012 02:19 AM

ok it works for month , but how I can figure out about the week

kamal singh bisht
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...