https://community.splunk.com/t5/Splunk-Search/Check-if-a-date-is-within-interval-of-another-record/m-p/570194#M198735 <P>Hi!</P><P>I have the following data and would like to check, for those records with the same ID, if one record has CREATED_DATE within CREATED_DATE and RESOLVED_DATE of another one. So in the example, the first record in blue was created on 10-4 and resolved on 10-07, where the second record with the same ID was created on 10-05 while the other one was open. Can we do this kind of check in Splunk?</P><TABLE border="1" width="100%"><TBODY><TR><TD height="24px">ID</TD><TD height="24px">CREATED_DATE</TD><TD height="24px">RESOLVED_DATE</TD></TR><TR><TD height="24px"><FONT color="#0000FF">123</FONT></TD><TD height="24px"><FONT color="#0000FF"><SPAN>2021-10-04 19:30:35</SPAN></FONT></TD><TD height="24px"><FONT color="#0000FF"><SPAN>2021-10-07 15:13:16</SPAN></FONT></TD></TR><TR><TD width="33.333333333333336%" height="24px">123</TD><TD width="33.333333333333336%" height="24px"><SPAN>2021-10-05 16:11:25</SPAN></TD><TD width="33.333333333333336%" height="24px"><SPAN>2021-10-15 12:05:32</SPAN></TD></TR><TR><TD>456</TD><TD><SPAN>2021-03-05 10:10:13</SPAN></TD><TD><SPAN>2021-05-05 11:05:21</SPAN></TD></TR></TBODY></TABLE><P>&nbsp;</P><P>We'd need another column, say CHECK, that says "overlap" when the second record was created between the range of the first one, with the same ID.</P><P>Thank you very much in advance!</P> Fri, 08 Oct 2021 10:47:19 GMT yvassilyeva 2021-10-08T10:47:19Z https://community.splunk.com/t5/Splunk-Search/Check-if-a-date-is-within-interval-of-another-record/m-p/570194#M198735 <P>Hi!</P><P>I have the following data and would like to check, for those records with the same ID, if one record has CREATED_DATE within CREATED_DATE and RESOLVED_DATE of another one. So in the example, the first record in blue was created on 10-4 and resolved on 10-07, where the second record with the same ID was created on 10-05 while the other one was open. Can we do this kind of check in Splunk?</P><TABLE border="1" width="100%"><TBODY><TR><TD height="24px">ID</TD><TD height="24px">CREATED_DATE</TD><TD height="24px">RESOLVED_DATE</TD></TR><TR><TD height="24px"><FONT color="#0000FF">123</FONT></TD><TD height="24px"><FONT color="#0000FF"><SPAN>2021-10-04 19:30:35</SPAN></FONT></TD><TD height="24px"><FONT color="#0000FF"><SPAN>2021-10-07 15:13:16</SPAN></FONT></TD></TR><TR><TD width="33.333333333333336%" height="24px">123</TD><TD width="33.333333333333336%" height="24px"><SPAN>2021-10-05 16:11:25</SPAN></TD><TD width="33.333333333333336%" height="24px"><SPAN>2021-10-15 12:05:32</SPAN></TD></TR><TR><TD>456</TD><TD><SPAN>2021-03-05 10:10:13</SPAN></TD><TD><SPAN>2021-05-05 11:05:21</SPAN></TD></TR></TBODY></TABLE><P>&nbsp;</P><P>We'd need another column, say CHECK, that says "overlap" when the second record was created between the range of the first one, with the same ID.</P><P>Thank you very much in advance!</P> Fri, 08 Oct 2021 10:47:19 GMT https://community.splunk.com/t5/Splunk-Search/Check-if-a-date-is-within-interval-of-another-record/m-p/570194#M198735 yvassilyeva 2021-10-08T10:47:19Z https://community.splunk.com/t5/Splunk-Search/Check-if-a-date-is-within-interval-of-another-record/m-p/570203#M198738 <LI-CODE lang="markup">| sort 0 ID CREATED_DATE | streamstats values(RESOLVED_DATE) as PREVIOUS_RESOLVED_DATE current=f window=1 by ID | eval overlap=if(isnotnull(PREVIOUS_RESOLVED_DATE) AND CREATED_DATE &lt; PREVIOUS_RESOLVED_DATE, "Overlap", null())</LI-CODE> Fri, 08 Oct 2021 12:15:45 GMT https://community.splunk.com/t5/Splunk-Search/Check-if-a-date-is-within-interval-of-another-record/m-p/570203#M198738 ITWhisperer 2021-10-08T12:15:45Z