Solved: How to extract date from a field name in a csv fil...

sc0tt · ‎07-28-2014

I'm struggling with extracting a date value from a field name in a csv file. I have a field named "Status for 2014-28-07". I want to extract the date portion of the field name in order to determine if the file was generated for the current date. I know that having a separate date field would simplify things, but this is how the file is generated.

What's the best way to do this?

martin_mueller · ‎07-28-2014

Take a look at this run-anywhere example:

| stats count | eval "Status for 2014-28-07" = "foo" | foreach "Status for 20*" [eval date = "20<<MATCHSTR>>"]

Result:

Status for 2014-28-07   date
foo                     2014-28-07

View solution in original post

martin_mueller · ‎07-28-2014

Take a look at this run-anywhere example:

| stats count | eval "Status for 2014-28-07" = "foo" | foreach "Status for 20*" [eval date = "20<<MATCHSTR>>"]

Result:

Status for 2014-28-07   date
foo                     2014-28-07

sc0tt · ‎07-28-2014

Brilliant! Just what I needed.

sc0tt · ‎07-28-2014

It is the column header. For example:
Id, Status for 2014-28-07
01, active
02, inactive

strive · ‎07-28-2014

Is this column header OR a value in a column. If it is value in a column then what is the column header name.

How to extract date from a field name in a csv file?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases