Splunk compare date strings by queries

h52huang — Tue, 05 Jun 2018 01:29:35 GMT

I want to compare date strings by splunk queries please. I have 2 dropdown inputs. StartDate and EndDate

I have below result set populated from a dropdown as 'StartDate'. If the user selects 2018-05-03, then my EndDate should only have 2018-05-07 and 2018-05-16 available for users to pick.
Date 2018-05-01 2018-05-03 2018-05-07 201805-16

How do I do the comparison logic within the same query please? Can Splunk compare dates alphabetically like Java strings ? Thank you.

Re: Splunk compare date strings by queries

cpetterborg — Tue, 05 Jun 2018 01:43:20 GMT

In this case you can do a string comparison in order to test the dates. Here is a run-anywhere search (it sets up some data in the first three lines, then the last line is the one you want to look at) that can show you this capability:

| makeresults
| eval data="date1=2018-05-03 date2=2018-05-07"
| rex field=data "date1=(?P<date1>\S+)\s+date2=(?P<date2>\S+)"
| eval less=if(date1<date2,1,0)

The dates are compared as strings. The if function will allow you to do a comparison, then if true, take the first value, if false, take the second value.

topic Splunk compare date strings by queries in Splunk Search

Splunk compare date strings by queries

Re: Splunk compare date strings by queries