Solved: Re: convert string date(without seprater) to reada...

goyals05 · ‎01-23-2018

Hi,

I am using data-models. In raw data I am getting date as YYYYMMDD, I want to convert it in DD/MM/YYYY.

Is there a simple way to convert this as there is no separator ?

Otherwise I have to separate them in 3 different fields and use it.

 ^(?<year>\d\d\d\d)(?<month>\d\d)(?<day>\d\d)

Example : 20180112 to 12/01/2018
Thanks

mayurr98 · ‎01-24-2018

Try this run anywhere search

| makeresults 
| eval date="20180112 20180130 20180131 20181212 20181231" 
| makemv date 
| mvexpand date 
| eval date=strftime(strptime(date,"%Y%m%d"),"%d/%m/%Y")

In your environment you should write,

<your_base_Search>
| eval date=strftime(strptime(date,"%Y%m%d"),"%d/%m/%Y")

The inner date is the field which have YYYYMMDD format.
let me know if this helps!

View solution in original post

mayurr98 · ‎01-24-2018

Try this run anywhere search

| makeresults 
| eval date="20180112 20180130 20180131 20181212 20181231" 
| makemv date 
| mvexpand date 
| eval date=strftime(strptime(date,"%Y%m%d"),"%d/%m/%Y")

In your environment you should write,

<your_base_Search>
| eval date=strftime(strptime(date,"%Y%m%d"),"%d/%m/%Y")

The inner date is the field which have YYYYMMDD format.
let me know if this helps!

493669 · ‎01-23-2018

Try this anywhere search:

| makeresults
| eval Time="20180112"
| eval time=strftime(strptime(Time,"%Y%m%d"),"%d/%m/%Y")

You can create eval field expression in data model using | eval time=strftime(strptime(Time,"%Y%m%d"),"%d/%m/%Y")

mayurr98 · ‎01-24-2018

this will not work if you have Time="20180125" as the format is DD/MM/YYYY and not MM/DD/YYYY.

493669 · ‎01-24-2018

Thanks for correction! ☺

convert string date(without seprater) to readable date format - 20180112 to 12/01/2018

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor