Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

To findout month and week from a Field

kml_uvce
Builder
‎02-22-2012 01:59 AM

I have a field like in this format 2012-02-11
This field is in many events with diffrent year-month-day.

I want to make a search in which I can extaract information wrt month and week from this field.
How I can do this

kamal singh bisht
Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎02-22-2012 02:13 AM 
... | rex field=yourfield "(?<year>.+?)-(?<month>.+?)-(?<day>.+)"

Substitute yourfield with whatever your field is called.

View solution in original post

Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎02-22-2012 02:13 AM 
... | rex field=yourfield "(?<year>.+?)-(?<month>.+?)-(?<day>.+)"

Substitute yourfield with whatever your field is called.

Reply
Solved! Jump to solution

Ayn
Legend
‎02-22-2012 04:51 AM

Excellent. Could you please mark my answer as accepted? Thanks!

0 Karma
Reply
Solved! Jump to solution

kml_uvce
Builder
‎02-22-2012 04:09 AM

Thanks this works for me now...

kamal singh bisht
0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎02-22-2012 04:07 AM

With all due respect: http://lmgtfy.com/?q=strftime

0 Karma
Reply
Solved! Jump to solution

kml_uvce
Builder
‎02-22-2012 04:05 AM

I am not able to find out the complete doc for strftime, can you make this search ?

kamal singh bisht
0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎02-22-2012 02:41 AM

Yes, using the same technique. Look up all strftime parameters, there are many different ones.

0 Karma
Reply
Solved! Jump to solution

kml_uvce
Builder
‎02-22-2012 02:40 AM

cool it works , also is there any way to find month name also (jan ,feb etc) form search?

kamal singh bisht
0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎02-22-2012 02:31 AM

Correcting myself - apparently strftime can handle this, using the %u (week starting on Monday) or %U (week starting on Sunday) parameter!

You could do something like this to get the week number:

eval week=strftime(strptime(yourfield,"%Y-%m-%d"),"%U")
0 Karma
Reply
Solved! Jump to solution

kml_uvce
Builder
‎02-22-2012 02:24 AM

I mean to say that I want week number from this search so that I can make chart wrt week number

kamal singh bisht
0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎02-22-2012 02:24 AM

Not easily done, as that will change from year to year. Your best bet would probably be to create a lookup file that maps dates to week numbers and use that.

0 Karma
Reply
Solved! Jump to solution

kml_uvce
Builder
‎02-22-2012 02:22 AM

yes, its week number

kamal singh bisht
0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎02-22-2012 02:20 AM

What do you mean by week, week number?

0 Karma
Reply
Solved! Jump to solution

kml_uvce
Builder
‎02-22-2012 02:19 AM

ok it works for month , but how I can figure out about the week

kamal singh bisht
0 Karma
Reply
Get Updates on the Splunk Community!

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

&#x1f5e3; You Spoke, We Listened Audit Trail v2 wasn’t written in isolation—it was shaped by your voices. In ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...