Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Check if a time field was created less than 75 days back

sam1010
Explorer
‎09-08-2021 05:01 AM

sam1010_0-1631102296750.png

So this is what my data looks like. I need to check if the last column value is in the range of last 75 days. In other words, the date is later than last 75 days. How can i proceed?

0 Karma
Reply

venkatasri
SplunkTrust
SplunkTrust
‎09-08-2021 05:43 AM

Hi @sam1010 

 

| makeresults 
| eval access_key_creation_time="2021-06-25 12:20:03" , now=now() 
| eval date_n=strptime(access_key_creation_time, "%Y-%m-%d %H:%M:%S") 
| eval diff= now - date_n 
| eval days = diff / 86400
| eval result = case(days <= 75, "YES", days > 75, "NO", isnull(access_key_creation_time), "NA")

 

Try above and output will be YES, NO or NA for null showed under result field.

---

An upvote would be appreciated if this reply helps! 

Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...