How to extract timestamp from file name

ravir_jbp · ‎06-28-2024

I have a event that are generated in csv format with timestamp within file name as mentioned below. Need to extract timestamp from the file and create new column as _time. Need rex query to extract the YYYY-MM-DD HH:MM:SS.

D:\automation\miscprocess\test_utilization_info_20240618_195509.csv

ITWhisperer · ‎06-28-2024

Do you mean you have loaded the csv into a lookup or that the csv has been ingested into an index and there is a source field associated with each event with the file name in?

ravir_jbp · ‎06-28-2024

The CSV files are generated by automation which generated the server status with filename when the file was generated. There is not timestamp generated in the file so I have to use file generation time stamp in the naming convention.

ravir_jbp · ‎06-28-2024

This is file content. This contnt does not have timestamp for each entries. So I have to use the file timestmap for each entries within csv file

ITWhisperer · ‎06-28-2024

| rex field=source "info_(?<timestamp>\d{8}_\d{6})\.csv"
| eval _time=strptime(timestamp,"%Y%m%d_%H%M%S")

How to extract timestamp from file name

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

Unlock Instant Security Insights from Amazon S3 with Splunk Cloud — Try Federated ...

Are you a member of the Splunk Community?

How to extract timestamp from file name

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

Unlock Instant Security Insights from Amazon S3 with Splunk Cloud — Try Federated ...