Hi,
I have created a query which gives me date, and start and end time of a job in the below format.
Date Start End
04/04/2018 04:04:04 05:05:05
04/03/2018 04:03:48 05:15:05
04/02/2018 04:04:02 05:01:05
03/30/2018 04:08:04 05:05:25
03/29/2018 04:10:14 05:25:65
I want to get the latest run of this set. For example, on 04/05/2018, I should get the 04/04 data. But for 04/02, I should be seeing 03/30, since that was the latest run at that point in time. This is because of Monday and other days of the job run.
This is the output I am looking for:
on 04/05:
Date Start End
04/04/2018 04:04:04 05:05:05
on 04/02:
Date Start End
03/30/2018 04:08:04 05:05:25
I know that I need to check if the day is Monday, and then look for the last business day, which would be Friday. If it's not Monday, then I need to look for the previous business day, which would be the day prior. But I am not able to put this logic in Splunk.
Here is what I have tried, but I am not sure how to get my condition checked.
..|eval epochtime=strptime(ProcessDate,"%Y/%m/%d") | eval dayofweekfull=strftime(epochtime,"%A") | eval checking=if(dayofweekfull="Monday","I am not sure how I can check this here as this is text and not a field that I can initialize","same here")
Please let me know if I am too confused for an easy problem.
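One way to express the lookup described above, as an added example that is not part of the original post: keep only runs dated before the reference day, sort newest first and take one row, which returns Friday's run on a Monday without naming the weekday. The rows are constructed from the post's table, and `rows`, `run_epoch`, `as_of`, `expected_prev` and `ran_on_expected_day` are hypothetical field names; `expected_prev` applies the Monday rule from the post only to flag whether the latest run fell on the expected business day.

```spl
| makeresults
| eval rows=split("04/04/2018,04:04:04,05:05:05;04/03/2018,04:03:48,05:15:05;04/02/2018,04:04:02,05:01:05;03/30/2018,04:08:04,05:05:25", ";")
| mvexpand rows
| rex field=rows "^(?<Date>[^,]+),(?<Start>[^,]+),(?<End>[^,]+)$"
| eval run_epoch=strptime(Date, "%m/%d/%Y")
| eval as_of=strptime("04/02/2018", "%m/%d/%Y")
| eval expected_prev=if(strftime(as_of, "%A")=="Monday", relative_time(as_of, "-3d@d"), relative_time(as_of, "-1d@d"))
| where run_epoch < as_of
| sort - run_epoch
| head 1
| eval ran_on_expected_day=if(run_epoch==expected_prev, "yes", "no")
| table Date Start End ran_on_expected_day
```

With `as_of` set to 04/02/2018 this returns the 03/30/2018 row; in a live search, `as_of` would be `relative_time(now(), "@d")` and the first four lines would be the existing base search.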