Hello! First time posting here. Just started learning Splunk and I am trying to extract events between two dates, 4/6/2021 and 4/7/2021.
I tried one of the earlier suggested answers, which were:
index="security"
| eval Date="04/07/2021"
| eval timestampDate=strptime(Date, "%m/%d/%Y")
| eval timestampStart=strptime("04/06/2021", "%m/%d/%Y")
| eval timestampEnd=strptime("04/07/2021", "%m/%d/%Y")
| eval formattedTimestamp = strftime(timestamp,"%Y-%m-%dT%H:%M:%S")
| where timestampDate >= timestampStart AND timestampDate <= timestampEnd
and
index="security" | eval Date="4/7/2021" | where (strptime(Date, "%m/%d/%Y")>=strptime("4/6/2021", "%m/%d/%Y")) AND (strptime(Date, "%m/%d/%Y")<=strptime("4/7/2021", "%m/%d/%Y"))
But the queries return all the events available in the log file. Attaching the screenshots here.
Here the sample from the index.
Can someone please assist, thanks in advance.
Hi @Saikarankot,
I suppose that you are not speaking of identifying two dates using the Time Picker.
In this case you can use something like this:
index=security (earliest="10/03/2022:00:00:00" latest="10/05/2022:00:00:00")
Beware of the format of the timestamp!
Ciao.
Giuseppe
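Applied to the dates in the question, the search from the answer above looks like the following. This is an added example, not part of Giuseppe's post; it assumes only the `security` index already named in the thread. The `earliest`/`latest` values use Splunk's default `%m/%d/%Y:%H:%M:%S` time format, and because `latest` is exclusive, the end boundary is midnight on 04/08/2021 so that all of 04/07/2021 is included:

```spl
index=security earliest="04/06/2021:00:00:00" latest="04/08/2021:00:00:00"
| eval day=strftime(_time, "%Y-%m-%d")
| stats count BY day
```

Putting `earliest` and `latest` directly in the search string overrides whatever the Time Picker is set to, and the filter is applied on `_time` before any events are returned, so it is far cheaper than an `eval`/`where` pass over every event. The trailing `stats` is only there to make it easy to confirm that exactly two days of data came back.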
Hi @gcusello . Apologies for the late response.
Thank you so much, this works. I'm also curious why queries that I tried earlier didn't work. Would you be able to shed some light on that?
Best Regards,
Sai
Hi @Saikarankot,
probably the problem is in the format of those fields.
good for you, see you next time!
Please accept one answer for the other people of the Community
Ciao and happy splunking
Giuseppe
P.S.: Karma Points are appreciated 😉
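For anyone hitting the same thing: the two original queries returned every event because `Date` was created by `eval Date="04/07/2021"`, a constant set on every event, so the `where` comparison was always true and filtered nothing. The following rewrite, added here as an example and not taken from either post, compares the event's own timestamp (`_time`) instead, with the same `strptime` calls from the question. Since `strptime` on a date-only string gives local midnight, the end boundary is the day after 04/07/2021 and the comparison is strict to keep the range inclusive of both days:

```spl
index=security
| eval startEpoch=strptime("04/06/2021", "%m/%d/%Y")
| eval endEpoch=strptime("04/08/2021", "%m/%d/%Y")
| where _time >= startEpoch AND _time < endEpoch
| eval eventDate=strftime(_time, "%m/%d/%Y")
| table _time eventDate _raw
```

If the date really does live in an extracted field rather than in `_time`, swap `_time` for that field wrapped in `strptime(field, "<its actual format>")`; when the format string does not match the field's contents, `strptime` returns null, the `where` clause evaluates to false, and the events silently drop out, which is the "format of those fields" problem Giuseppe refers to.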