I have a time dropdown as below:
<input type="time" token="dashboardTime" searchWhenChanged="true">
<label>SELECT TIME RANGE</label>
<default>
<earliest>-7d@d</earliest>
<latest>now</latest>
</default>
</input>
Now , I need write a query based field which was under the selected time . For Eg: If I choose Last 7 days it should be:
index=**** sourcetype=**** "cf_foundation=px-npe01" "cf_org_name=****" "cf_space_name=****" "cf_app_name=****" "||splunk-logger||" taskName='****' status='COMPLETED' | sort -splunkLogId | eval startDateModified= strptime( startDate, "%d-%m-%Y")
| where startDateModified > "01/02/2018" and starDate <= "07/02/208"|stats count
it looks like startDateModified is based on startDate, so the values would be the same, but formatted differently? Is there a reason you're using both in the where statement? Are the values different than _time?