Hi Team,
Need your help
| inputlookup yar_list | table Name End_date Ticket hostname | sort End_date
I want to display only records which falls under current week & Next week ( 2 weeks data ) based on End_data column.
Can you pls help on this.
Thanks
HR
Hi @harsush,
Try
| inputlookup yar_list | table Name End_date Ticket hostname|eval End_date=strptime(End_date,"%Y/%m/%d %H:%M:%S") | sort End_date|where End_date >= relative_time(now(), "-2w@w")
Sorry actually i tried this - But the problem is End_date is not splunk field,
| inputlookup yar_list | eval Format_Date=strptime(End_date,"%m/%d/%Y %H:%M:%S.%3N") | table Name Format_Date End_date Ticket hostname | sort End_date
Format_Date displays empty/ I think we should convert this field ?
Hi @harsush,
Alright. Updated the answer with conversion also. Try and let me know
for some reason its displaying all dates.
If iam running search today it should show only records form this week & Next week.
Can you pls help on this
By mentioning next week, hope you meant previous week. Can you just print Format_Date and relative_time(now(), "-2w@w") and paste the result for few rows or just manually compare one or two rows to see if it works
Sample data
End_date Ticket hostname
2018/06/12 23:59:59 INC00001 xyz.com