How to remove the dynamic date and time from the i...

aaa2324 · ‎04-30-2021

How to compare the incoming data with dynamic date and time with the lookup table, example

i have incoming data in below format where the date and time keeps changing for every new entry

*abc -04/30 08:14:07 - c

*abc -04/30 08:03:20 -c

*abc -04/29 07:06:22 -c

and so on, I have to consolidate all the above data excluding the date and time and need to count how many times it is occurring. In my lookup table I have the same data in below format.

*abc -mm/dd hh:mm:ss -c

*abc -mm/dd hh:mm:ss-c

is there a way to get the desired results. ? Kindly advise

aaa2324 · ‎05-02-2021

Thanks how to change the script if there is comma in the middle

*abc -04/30, 08:14:07 - c

manjunathmeti · ‎05-03-2021

You add comma in the regex.

| rex mode=sed "s/\d{2}\/\d{2},?\s\d{2}:\d{2}:\d{2}//g"

manjunathmeti · ‎04-30-2021

You can use rex to remove the date time in the raw data.

| rex mode=sed "s/\d{2}\/\d{2}\s\d{2}:\d{2}:\d{2}//g"

How to remove the dynamic date and time from the incoming raw data and get the count

rex

timechart

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!

Introducing the Splunk Community Dashboard Challenge!