×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
lucasle
Engager
Member since: ‎06-23-2020
‎07-06-2021
Community Statistics
Posts 2
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎06-23-2020
Activity Feed
Topics I've Started
View All

Re: Date-Time Field

by in Splunk Search
‎06-23-2020 02:18 AM
‎06-23-2020 02:18 AM
Hi @gcusello ,   Thanks for your swift reply, I very much appreciate it.   So to clarify again, the initial method that I mentioned - |eval YearNo = strftime(Date, "%Y") is used when dealing with real time data?   Also, thanks for your solution. I was just wondering if Splunk has a more intelligent way of reading the date string and recognising it as Year, Month or Day, instead of using substr to isolate the numericals and group them together. Either way, this works fine and I really appreciate it!   Best regards, Lucas ... View more

Date-Time Field

by in Splunk Search
‎06-23-2020 01:52 AM
‎06-23-2020 01:52 AM
Hi,    I am currently attempting to split the Date and Time from one field into 2 or more fields. I have read some of the questions and answers here, but to no avail.   I am working with Starbucks.csv, which shows the Date, Volume and Closing stock price of Starbucks. The Date format is in YYYY-MM-DD. My intention is to split the Date to Year, Month and Day Fields respectively.   I have seen some of the community answers and many proposed a simple method such as |eval YearNo=(Date, "%Y) for the Year field. However, I tried and the search simply did not return any new field, Below is a snippet of the attempt. I put Date and YearNo in the same table to show how YearNo was not extracted.   My next thought was that maybe splunk did not register the Date field as a date but merely as a string. I went ahead and plotted the Date vs Volume Chart on the visualization option and it does seem that Splunk registered the Date as date, and hence the plot was crafted nicely. The snippet is shown below.   I would greatly appreciate if someone could enlighten me on this situation and how can I extract the date to their individual fields.   Cheers, Lucas ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎07-06-2021 03:59 AM
Karma given to
View All