Try this
... | eval start=strptime(startdate,"%d/%b/%Y") | eval end=strptime(enddate,"%d/%b/%Y") | eval between= mvrange(start, end, "1d") | mvexpand between
thanks sundareshr .
but while generating data its missing last date please help me out for that
my query like this
|makeresults| eval startdate="01/01/2016", enddate="01/31/2016"| eval start=strptime(startdate,"%m/%d/%Y"), end=strptime(enddate,"%m/%d/%Y")| eval between= mvrange(start, end, "1d") | mvexpand between | eval s=strftime("between","%d-%m-%y") |eval c_time=strftime(between,"%m/%d/%y") | table c_time,start,end,lines,pattern,daysapplicable,type,prirority
You could add a day to end, like so | eval between= mvrange(start, end+86400, "1d")
. Having said that, the other option is to use gentimes
, try this
| gentimes start="01/01/2016", end="02/01/2016" increment=1d | rename *human as *time | table *time, lines,pattern,daysapplicable,type,prirority
thanks bro
Dates must be converted into epoch form before they can be compared. Use something like this. It will give the difference between the two dates in seconds.
... | eval eStartDate=strptime(startdate,"%d/%b/%Y") | eval eEndDate=strptime(enddate,"%d/%b/%Y") | eval diff = eEndDate-eStartDate | ...