How to extract timestamp from file name

ravir_jbp · ‎06-28-2024

I have a event that are generated in csv format with timestamp within file name as mentioned below. Need to extract timestamp from the file and create new column as _time. Need rex query to extract the YYYY-MM-DD HH:MM:SS.

D:\automation\miscprocess\test_utilization_info_20240618_195509.csv

ITWhisperer · ‎06-28-2024

Do you mean you have loaded the csv into a lookup or that the csv has been ingested into an index and there is a source field associated with each event with the file name in?

ravir_jbp · ‎06-28-2024

The CSV files are generated by automation which generated the server status with filename when the file was generated. There is not timestamp generated in the file so I have to use file generation time stamp in the naming convention.

ravir_jbp · ‎06-28-2024

This is file content. This contnt does not have timestamp for each entries. So I have to use the file timestmap for each entries within csv file

ITWhisperer · ‎06-28-2024

| rex field=source "info_(?<timestamp>\d{8}_\d{6})\.csv"
| eval _time=strptime(timestamp,"%Y%m%d_%H%M%S")

How to extract timestamp from file name

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability