I am having trouble getting a result to appear for the below query. I am trying to produce a column showing time_diff of the latest timestamp result for lane_RFID subtracted from the time now. The table doesn't show a result for time_diff, but everything else shows properly. Hopefully it is something easy. Thank you.
index=*"RFID Message received for:" | stats latest(date_time) by LANE_RFID | eval time_now=now() | eval time_now=strftime(time_now,"%Y/%m/%d %H:%M:%S") | eval time_diff=strftime(time_diff,"%M:%S") | eval time_diff=time_now-date_time| table LANE_RFID time_now latest(date_time) time_diff
index=*"RFID Message received for:"
| stats latest(date_time) as date_time by LANE_RFID
| eval time_now=strftime(now(),"%Y/%m/%d %H:%M:%S")
| eval time_diff=now() - strptime(date_time,"%Y/%m/%d %H:%M:%S")
| table LANE_RFID time_now date_time time_diff
This works wonderfully! Thank you so much!
Is date_time epoch?
date_time is formatted 2020/02/24 16:14:34
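A run-anywhere search illustrating the thread above, added here as an example and not posted by any participant: it puts subtraction of the two formatted strings beside subtraction after `strptime`, and shows what happens when a `date_time` value does not match the `%Y/%m/%d %H:%M:%S` format. The lane names, the offsets, the third row's value and the fields `diff_from_strings`, `event_epoch` and `time_diff_readable` are constructed for the illustration.

```spl
| makeresults count=3
| streamstats count as n
| eval LANE_RFID="CONSTRUCTED_LANE_".n
| eval date_time=case(n=1, strftime(now()-95, "%Y/%m/%d %H:%M:%S"),
                      n=2, strftime(now()-3725, "%Y/%m/%d %H:%M:%S"),
                      n=3, "24-02-2020 16:14")
| eval time_now=strftime(now(), "%Y/%m/%d %H:%M:%S")
| eval diff_from_strings=time_now - date_time
| eval event_epoch=strptime(date_time, "%Y/%m/%d %H:%M:%S")
| eval time_diff=now() - event_epoch
| eval time_diff_readable=if(isnull(event_epoch), "unparsed date_time", tostring(round(time_diff), "duration"))
| table LANE_RFID time_now date_time diff_from_strings time_diff time_diff_readable
```

`diff_from_strings` stays empty on every row because both operands are formatted strings, while `time_diff` is in seconds for the two rows that parse. The third row has no `event_epoch`, so its `time_diff` is also empty and it is labelled instead of silently dropping out of the calculation.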