Hi @avikc100, basically in Splunk the time and date operations should be done like this:

1) Splunk has an event's timestamp in some format (dd-mm-yy aa:bb:cc dddd).

2) Convert that to an epoch timestamp (use strptime): strptime(<str>, <format>) takes a human-readable time, represented by a string, and parses the time into a UNIX timestamp using the format you specify.

3) Then do the sorting and comparison operations on the epoch timestamp.

4) Then convert back to a human-readable timestamp (use strftime): strftime(<time>, <format>) takes a UNIX time value and renders the time as a string using the format specified.

If any reply helped you, then karma / upvotes are appreciated, thanks.
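The four-step procedure from the answer above, as an added example that is not part of the original post: Python's strptime/strftime stand in for the Splunk eval functions so the effect of sorting on epoch values rather than on raw strings can be checked offline. The format string and the sample timestamps are constructed assumptions (the post's "dd-mm-yy aa:bb:cc" shape, read as UTC).

```python
from datetime import datetime, timezone

# Constructed format: the post's "dd-mm-yy aa:bb:cc" shape, treated as UTC.
# Splunk equivalent of step 2: | eval epoch = strptime(ts, "%d-%m-%y %H:%M:%S")
TS_FORMAT = "%d-%m-%y %H:%M:%S"

# Constructed sample events, deliberately out of order and spanning a year
# boundary so that a plain string sort puts them in the wrong sequence.
SAMPLE_EVENTS = [
    "02-01-24 09:15:00",
    "13-12-23 23:59:59",
    "31-12-23 00:00:01",
]


def to_epoch(ts: str, fmt: str = TS_FORMAT) -> float:
    """Step 2: parse a human-readable time string into a UNIX timestamp."""
    return datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc).timestamp()


def to_human(epoch: float, fmt: str = TS_FORMAT) -> str:
    """Step 4: render a UNIX timestamp back as a string (Splunk strftime)."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime(fmt)


def sort_by_time(events):
    """Step 3: sort on the numeric epoch value, then convert back for display.
    Splunk equivalent: | sort epoch | eval ts = strftime(epoch, "%d-%m-%y %H:%M:%S")"""
    return [to_human(e) for e in sorted(to_epoch(ts) for ts in events)]


def sort_as_strings(events):
    """The approach the answer warns against: a lexical sort of the raw strings."""
    return sorted(events)


if __name__ == "__main__":
    print("string sort:", sort_as_strings(SAMPLE_EVENTS))
    print("epoch sort: ", sort_by_time(SAMPLE_EVENTS))
```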