Hello Splunk community,
I am trying to make a comparison between the time in an event named Account_Expires and the time now.
I was trying a couple of things but nothing seems to work. The code below is where I gave up and asked for your help.
The idea is that there will be a text filled in "uitslag" if the Account_expires date is in the past from the present.
(Edited after a response) So to conclude, I am looking for a comparison between two time stamps: the time stamp in the field Expiration_date and the live date, and not the log created date or time. After working on it and using the given answers I came up with the code below, but it is still not working. I tried to convert the Account_Expire date to a number but that also didn't work.
| dedup _time
| eval datum =strftime(_time, "%d-%m-%Y %l:%M %p")
| rename src_user as "veranderd door"
| eval bewerking =if(Account_Expires = "-", Account_Expires = "<never>", if(Account_Expires = "<never>",Account_Expires,tonumber(trim(Account_Expires))))
| eval Real_time =strftime(now(), "%d-%m-%Y %l:%M:%S")
| eval uitslag =if(Real_time > bewerking, "Expire datum is in het verleden", if(Account_Expires = "-", "geen datum opgegeven", if(Account_Expires = "<never>", "geen datum opgegeven","Expire datum is in de toekomst")))
| table user,EventCode,"veranderd door",datum, Account_Expires, uitslag, bewerking, Real_time
| sort datum uitslag
| fields - EventCode
With kind regards
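
Added example (not part of the original post): one way to make this comparison in SPL is to parse Account_Expires into epoch seconds with strptime and compare that number with now(), instead of comparing formatted date strings. The rows produced by makeresults are constructed sample data, expires_epoch is a hypothetical field name, and the format string "%m/%d/%Y %I:%M:%S %p" is an assumption that has to be changed to match how Account_Expires actually appears in the events.

```spl
| makeresults count=4 ```constructed sample rows, replace with the real base search```
| streamstats count as n
| eval user=case(n=1,"alice", n=2,"bob", n=3,"carol", n=4,"dave")
| eval Account_Expires=case(
    n=1, "01/15/2020 12:00:00 AM",
    n=2, "12/31/2099 12:00:00 AM",
    n=3, "<never>",
    n=4, "-")
| eval expires_epoch=strptime(Account_Expires, "%m/%d/%Y %I:%M:%S %p") ```assumed format; null when the value is not a date```
| eval uitslag=case(
    Account_Expires="-" OR Account_Expires="<never>", "geen datum opgegeven",
    isnull(expires_epoch), "datum niet te lezen",
    expires_epoch < now(), "Expire datum is in het verleden",
    true(), "Expire datum is in de toekomst") ```numeric epoch comparison against the current time```
| eval Real_time=strftime(now(), "%d-%m-%Y %H:%M:%S") ```formatted for display only, not used in the comparison```
| table user, Account_Expires, expires_epoch, Real_time, uitslag
```

The "datum niet te lezen" branch catches values that are neither a placeholder nor parseable with the assumed format, so a format mismatch shows up in the table instead of silently falling through to "in de toekomst".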