Between dates condition showing error?

Neel88 · ‎02-03-2023

Hello everyone,

I am passing the dates as token but it shows the error in both the condition.

Cond1: | where (Date>="$date_start$" AND Date<="$date_end$")

Cond2: | where (Date>="2022-06-01" AND Date<="2022-06-02")

Please help

gcusello · ‎02-03-2023

to compare dates, you have to transform them in epochtime using the strptime function, you cannot compare dates in text format.

The only apparent exception is _time, but it's only apparence because it's already in epochtime.

something like this:

<your_search>
| eval date_start=strptime($date_start$,"%Y-%m-%d"), date_end=strptime($date_end$,"%Y-%m-%d"), Date=strptime(date,"%Y-%m-%d")
| where Date>=date_start AND Date<=date_end
| ...

Ciao.

Giuseppe

Neel88 · ‎02-03-2023

Hi,

Thank you for your response.

I have tried and getting this error.

gcusello · ‎02-03-2023

Hi @Neel88,

this is a different problem:

in the simple xml dashboards you cannout use "<" or ">" but you have to use: "<" and ">"

Ciao.

Giuseppe

Neel88 · ‎02-03-2023

Thank you for your response.

| where (Date = ">","$date_start$") AND (Date = "<","$date_end$")

I am very new with this tool. I am not getting result.

gcusello · ‎02-03-2023

Hi @Neel88,

I used quotes to delimit the strings, use them without quotes:

<your_search>
| eval date_start=strptime($date_start$,"%Y-%m-%d"), date_end=strptime($date_end$,"%Y-%m-%d"), Date=strptime(date,"%Y-%m-%d")
| where Date&gt;=date_start AND Date&lt;=date_end
| ...

Ciao.

Giuseppe

Neel88 · ‎02-03-2023

Thank you so much!! Its working fine 🙂

Between dates condition showing error?

chart

Dashboard Studio

form

javascript

panel

simple XML

single value

table

timechart

token

trellis layout

Transforming Financial Data into Fraud Intelligence

How to send events & findings from AWS to Splunk using Amazon EventBridge

Exciting News: The AppDynamics Community Joins Splunk!

Are you a member of the Splunk Community?

Between dates condition showing error?