Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

output of time field in splunk

avi123
Explorer
a month ago

Hi All,

I have time field having time range in this format in output of one splunk query:

TeamWorkTimings

09:00:00-18:00:00

I want to have the values stored in two fields like:

TeamStart

09:00:00

TeamEnd

18:00:00

How do I achieve this using regex or concat expression in splunk. Please suggest.

Labels (1)
Labels
0 Karma
Reply

avi123
Explorer
a month ago

thanks, it worked 🙂 

One more request, since I am new to splunk, could you please help me understand how this regular expression works, I mean what does this means in a regex expression:

| rex field=TeamWorkTimings "(?<TeamStart>[^-]+)-(?<TeamEnd>.*)"

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
a month ago

regex101.com is a good site to test and understand regular expressions

I have set this one up to show your extraction

https://regex101.com/r/mBRfJF/1

 

Reply

ITWhisperer
SplunkTrust
SplunkTrust
a month ago

Try something like this

| rex field=TeamWorkTimings "(?<TeamStart>[^-]+)-(?<TeamEnd>.*)"
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...