Hi All,
I want to add time in search string.
My data is showing time 26-02-2018T02:00:00.000+0000, but while searching I want to add 11 hours, meaning it should create a filter for time 27-02-2018T13:00:00.000+0000.
Also, after this I also want to apply substring on time to just show dates.
I am using the below one, but it's not working.
index=XXXXXX source="XXXXXX" |eval host=add(Date,+11) | eval hostgroup=substr(Date,1,10) | stats count(Date) by hostgroup
Please help.
Vikash
Try this:
index=XXXXXX source="XXXXXX" |eval date=strptime(CDate, "%d-%m-%Y %H:%M:%S.%3N%z") | eval date1=date+39600 | eval hostgroup =strftime(date1, "%d-%m-%Y") | stats count(CDate) by hostgroup
Hi,
This may be helpful for you:
index=XXXXXX source="XXXXXX" |eval date=strftime(Date, "%d-%m-%Y %H:%M:%S.%3N%z") | eval date1=date+39600 | eval hostgroup =strptime(date1, "%d-%m-%Y") | stats count(date) by hostgroup
@p_gaurav
Thanks for your quick reply.
Query is not providing any output.
Hi,
Can you tell me the output of this:
index=XXXXXX source="XXXXXX" |eval date=strftime(_time, "%d-%m-%Y %H:%M:%S")
I have too many date fields, out of which I want to create a filter for one of the date fields. I am not sure if _time will help here.
Below is the date field on which i need to execute the query.
CDate: 2018-02-27T03:55:28.000+0000
Hi @p_gaurav
We are getting output 0 though we have non-zero value.
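
Added example, not posted by anyone in this thread: a self-contained search that parses a string in the CDate layout shown above, adds 11 hours (39600 seconds) and counts by the shifted date. The three sample rows are constructed, and the UNPARSED bucket is an illustrative name that surfaces values strptime could not parse (it returns null when the format string does not match the text).

```spl
| makeresults count=3
| streamstats count AS n
| eval CDate=case(n=1, "2018-02-27T03:55:28.000+0000",
                  n=2, "2018-02-27T14:10:00.000+0000",
                  n=3, "not-a-timestamp")
| eval epoch=strptime(CDate, "%Y-%m-%dT%H:%M:%S.%3N%z")
| eval shifted=epoch + 39600
| eval hostgroup=if(isnull(epoch), "UNPARSED", strftime(shifted, "%d-%m-%Y"))
| stats count BY hostgroup
```

strftime renders in the time zone of the user running the search, so the 39600-second offset is applied on top of that setting.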