How to extract timestamp from file name

ravir_jbp · ‎06-28-2024

I have a event that are generated in csv format with timestamp within file name as mentioned below. Need to extract timestamp from the file and create new column as _time. Need rex query to extract the YYYY-MM-DD HH:MM:SS.

D:\automation\miscprocess\test_utilization_info_20240618_195509.csv

ITWhisperer · ‎06-28-2024

Do you mean you have loaded the csv into a lookup or that the csv has been ingested into an index and there is a source field associated with each event with the file name in?

ravir_jbp · ‎06-28-2024

The CSV files are generated by automation which generated the server status with filename when the file was generated. There is not timestamp generated in the file so I have to use file generation time stamp in the naming convention.

ravir_jbp · ‎06-28-2024

This is file content. This contnt does not have timestamp for each entries. So I have to use the file timestmap for each entries within csv file

ITWhisperer · ‎06-28-2024

| rex field=source "info_(?<timestamp>\d{8}_\d{6})\.csv"
| eval _time=strptime(timestamp,"%Y%m%d_%H%M%S")

How to extract timestamp from file name

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation

How to extract timestamp from file name

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions