How can I determine the last date of an epoch time...

tamduong16 · ‎12-11-2017

So for the dashboard time dropdown, I want to determine whether the To: date that user select is the last date of that month. Could I do that with today Splunk? If not, can I determine the last date of that month base on the epoch time?

DalJeanis · ‎12-11-2017

There are a number of ways to do that. Here's one simple method. Add one day to the epoch time, and translate to "day". If the answer is 01, then today is the last day of that month.

| makeresults 
| eval curdate="2016-02-28 2017-02-28 2017-03-28 2017-03-31" 
| makemv curdate 
| mvexpand curdate
| eval curdateEpoch=strptime(curdate,"%Y-%m-%d") 
| eval daytest=strftime(curdateEpoch+86400,"%d") 
| eval flag=case(daytest="01","last day of month")

tamduong16 · ‎12-11-2017

@DalJeanis, how can I do this in xml do you know? This is my xml:

  <label>Select a time range:</label>
  <default>
    <earliest>-1mon@mon</earliest>
    <latest>@mon</latest>
  </default>
  <change>
      <eval token="timelineearliest">case($field1.earliest$ = </eval>
      <eval token="timelinelatest">$field1.latest$</eval>
    </change>
</input>

I want to find that out and put that for timelineearliest line. Is this durable? Thanks!

How can I determine the last date of an epoch time?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

How can I determine the last date of an epoch time?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...