Hi,
I'd like to compare two dates and time (if A<=B):
the one, let's call it A, I have it already in epoch time and the second, let's call it B, is a fixed date and time, which is exactly 31-08-2015 23:59:59.
I tried it like this (converted A in human readable date/time):
| eval compare = strftime(A, "%d-%m-%Y %T")
| where compare<=B*
but it doesn't work...
Any suggestion,
Thanks,
Skender
Try something like this
your current search giving field A in epoch | where A<=strptime("31-08-2015 23:59:59","%d-%m-%Y %H:%M:%S")
Try something like this
your current search giving field A in epoch | where A<=strptime("31-08-2015 23:59:59","%d-%m-%Y %H:%M:%S")
Thank you!
I inserted the "| where" inside the macro I used in the report.
It works perfectly now!
Skender K.
My understanding is strftime will result in a Formatted string whereas strptime will result in a Parsed timestamp, so if you want to compare timestamps, you will want the value to be a timestamp, not a string.
http://docs.splunk.com/Documentation/Splunk/6.2.5/SearchReference/CommonEvalFunctions
(Scroll down to "Date and Time functions")
I think if you try strptime like in this answer, it will work:
https://answers.splunk.com/answers/37272/compare-two-date.html