Splunk Search

To find number of days between two dates

jgr_26
Engager

Please give a solution to calculate the number of days between two given dates..

Regards
Govind.

Tags (1)
0 Karma

singhh4
Path Finder
...| eval start = strptime(date1, "%Y-%m-%d %H:%M:%S")| eval end = strptime(date2, "%Y-%m-%d %H:%M:%S")| eval duration = round((end-start)/86400)

Converts column to timestamp(epoc): strptime(field, date_format)
This will give you the duration in days (example): 23

0 Karma

Chandras11
Communicator

HI, Just a small question here: What if I want to remove the weekend from this calculation.

0 Karma

siraj198204
Explorer

Hi ,
source="dmon-tail://idhouse/id_account" application=TFD [|inputlookup execSSO.csv |rename sso as owner] |eval exp_date=strftime(relative_time(strptime(lastPasswordChange,"%Y-%m-%d %H:%M:%S"),"+90d@d"), "%Y/%m/%d %H:%M")

This query is working good .

I need one more help ,

I want to count the days between exp_date and today date

any one can help me on this ...

Thank u ,

Regards,
Siraj

0 Karma

jgr_26
Engager

i need to generate a time based report. Below are the inputs
Start Date : string
End Date : string

I need the no of days from ( now to startDate) and (now to endDate), so that i can play around.

Thanks

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

You really need to provide more context on this, such as, where are these dates coming from?

0 Karma

gkanapathy
Splunk Employee
Splunk Employee
... | eval (timestamp2-timestamp1)/86400

is whatI can do with the information you've given.

Ayn
Legend

Ok, so what's not working with the provided solution?

0 Karma

jebasinghk
New Member

This is not working....

Here is my scenario... I have event coming in SPLUNK from database and i have 2 date columns in it. I need to get the difference between the 2 days and want to filter all records that are greater than 30 days.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...