Archive

Howto use _time to compare with field with time

Path Finder

Hello,

I've a field with date/time in it. The field name is systemcreatedon=2019-04-26 09:38:24.

I have a time picker and I would like to use the date selected to compare with a field with date/time. For example, when user select 4/26/2019, I need to have the query to match with"2019-04-26" from systemcreatedon field. How can I achieve this?

Thanks.

1 Solution

Esteemed Legend

Like this:

index=YouShouldAlwaysSpecifyAnIndex AND sourcetype=AndSourcetypeToo eatliest=0 latest=now
| eval system_created_on=strptime(system_created_on, "%Y-%m-%d %H:%M:%S")
| addinfo
| where (system_created_on >= info_min_time AND system_created_on <= info_max_time)
| fieldformat system_created_on=strftime(system_created_on, "%Y-%m-%d %H:%M:%S")

View solution in original post

0 Karma

Esteemed Legend

Like this:

index=YouShouldAlwaysSpecifyAnIndex AND sourcetype=AndSourcetypeToo eatliest=0 latest=now
| eval system_created_on=strptime(system_created_on, "%Y-%m-%d %H:%M:%S")
| addinfo
| where (system_created_on >= info_min_time AND system_created_on <= info_max_time)
| fieldformat system_created_on=strftime(system_created_on, "%Y-%m-%d %H:%M:%S")

View solution in original post

0 Karma

Path Finder

Wow thanks, it works!

0 Karma