Your sed command is wrong for your example data. The space is before the colon in your example. but your sed is replacing the space after the colon.

Your example data as posted seems to have two spaces before the colon, at least if I copy/paste your data there are two spaces.

Note also that you could do the fixup and strptime once, e.g.

| makeresults format=csv data="ClintReqRcvdTime
Wed 4 Jun 2025 17:16:02  :161 EDT
Mon 2 Jun 2025 02:52:50  :298 EDT
Mon 9 Jun 2025 16:11:05  :860 EDT"

```  This is what you want - above is just constructing an example dataset ```

| eval t=strptime(replace(ClintReqRcvdTime, "\s*:\s*", ":"), "%a %d %b %Y %H:%M:%S:%Q %Z")
| eval date_only=strftime(t, "%m/%d/%Y")
| eval year_only=strftime(t, "%Y")
| eval month_only=strftime(t, "%b")
| eval week_only=floor(tonumber(strftime(t, "%d"))/7+1)

as an example  - there is only 1 space - it might be copy paste error that has 2 spaces - but it is only 1 space  in it. Its only some times i get this extra space

this is how i get the values in it

Wed 4 Jun 2025 17:16:02  :161 EDT  - sometimes extra space

Wed 4 Jun 2025 17:16:02 :161 EDT  - sometimes extra No extra space

why do we have 2 \s*: and \s*  - i think we just need 1 \s*:

t=strptime(replace(ClintReqRcvdTime, "\s*:\s*", ":"), "%a %d %b %Y %H:%M:%S:%Q %Z")

The strptime function will return null when the format string does not match the value in the field.  Other than meta-characters ('%a', etc.) the format string must match *exactly*, including spaces.  That means including spaces in the format string if they are expected in the data.

That said, the sed command should be removing the extra spaces so no accommodation in strptime should be needed.

Thank you Rich, If i just remove the extra space that is in the strp function i should be ok
eval date_only=strftime(strptime(ClintReqRcvdTime, "%a %d %b %Y %H:%M:%S :%3N %Z"), "%m/%d/%Y")

let me test this - thanks alot