Hi jenniferleenyc,
Take this run-everywhere search:
| gentimes start=-1
| eval foo1="Oct 7 12:58:21 2016", foo2="08/01/16"
| eval boo1=strptime(foo1, "%b %e %H:%M:%S %Y"), boo2=strptime(foo2, "%m/%d/%y")
| table foo1 foo2 boo1 boo2
This will create some dummy fields, and using strptime you will parse the values of foo1 and foo2 into epoch values, which can later be compared. See the docs on strptime: http://docs.splunk.com/Documentation/Splunk/6.4.2/SearchReference/CommonEvalFunctions#Date_and_Time_functions
This function takes a time represented by a string, X, and parses it into a timestamp using the format specified by Y.
For more information on the time format option see http://docs.splunk.com/Documentation/Splunk/6.4.2/SearchReference/Commontimeformatvariables
Hope this helps ...
cheers, MuS
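Added example, not part of MuS's post: the same dummy fields carried through to the comparison step, with a check for values that fail to parse. It assumes strptime yields no value (null) when the string does not match the format; foo3 and the fields later, diff_days and boo3_status are constructed for illustration.

```spl
| gentimes start=-1
| eval foo1="Oct 7 12:58:21 2016", foo2="08/01/16", foo3="2016-10-07"
| eval boo1=strptime(foo1, "%b %e %H:%M:%S %Y"), boo2=strptime(foo2, "%m/%d/%y"), boo3=strptime(foo3, "%m/%d/%y")
| eval later=case(isnull(boo1) OR isnull(boo2), "unparsed", boo1>boo2, "foo1", boo1<boo2, "foo2", true(), "equal")
| eval diff_days=round((boo1-boo2)/86400, 1)
| eval boo3_status=if(isnull(boo3), "format mismatch", "parsed")
| table foo1 foo2 boo1 boo2 later diff_days foo3 boo3_status
```

Strings without a timezone specifier are interpreted in the searching user's configured timezone, so timestamps collected from hosts in different zones should carry %z or %Z in both the data and the format before their epoch values are compared.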