Solved: Re: regex to split time/date from field in lookup ...

nathanluke86 · ‎02-13-2020

I have a lookup and would like to extract the date for a time chart

TIA

vnravikumar · ‎02-13-2020

Hi @nathanluke86

Try the below rex

| makeresults 
| eval whenCreated="04:25.45 PM, Thu 10/01/2015" 
| rex field=whenCreated "(?P<date>\d{2}\/\d{2}\/\d{4}$)"

vnravikumar · ‎02-13-2020

Hi @nathanluke86

Try the below rex

| makeresults 
| eval whenCreated="04:25.45 PM, Thu 10/01/2015" 
| rex field=whenCreated "(?P<date>\d{2}\/\d{2}\/\d{4}$)"

nathanluke86 · ‎02-14-2020

Took line 3 from above Thanks

oscar84x · ‎02-13-2020

Hello. Try this:

| makeresults 
| eval timeStamp="04:24.45 PM, Thu 10/01/2015"
| rex field=timeStamp "(?<time>\d+:\d+\.\d+\s\w+)\,\s\w+\s(?<date>\d+\/\d+\/\d+)"

manjunathmeti · ‎02-13-2020

Try:
| rex field=whenCreated "(?[\d:.\sAPM]+),\s\w{3}\s(?[\d/]+)"

Sample query:

| makeresults | eval whenCreated="04:25.45 PM, Thu 10/01/2015" | rex field=whenCreated "(?<time>[\d:.\sAPM]+),\s\w{3}\s(?<date>[\d/]+)"

nathanluke86 · ‎02-13-2020

@oscar84x @manjunathmeti @vnravikumar

I have multiple dates in the whenCreated column in the lookup (240 results all different times).

What I am trying to achieve is to just use the results of the lookup using two fields

timechart user by whenCreated if that make sense

TIA

regex to split time/date from field in lookup for timechart