I have a date field 'Start Time' in csv. I have to filter if date in this field is current week date or future week date. For this I fetch '%W' of the date and current date and comparing. But if the date is future date its '%W' is coming as current week only. It is not considering future dates.
Any help will be great!
Give this a try
/* source*/ | eval StartTimeDetail=case(strptime('Start Time',"%m/%d/%Y %H:%M")>=relative_time(now(),"@w+7d"),"Future Week",strptime('Start Time',"%m/%d/%Y %H:%M")>=relative_time(now(),"@w"),"This Week",1=1,"Prior Week")
| table "Start Time" StartTimeDetail
Give this a try
/* source*/ | eval StartTimeDetail=case(strptime('Start Time',"%m/%d/%Y %H:%M")>=relative_time(now(),"@w+7d"),"Future Week",strptime('Start Time',"%m/%d/%Y %H:%M")>=relative_time(now(),"@w"),"This Week",1=1,"Prior Week")
| table "Start Time" StartTimeDetail
Ohh Superb!! its working
There seems to be a lot of unneeded churn in your search. Does this work for you?
your base search
| eval InFuture=if((now()-_time)>86400,"yes","no")
| table _time InFuture
EDIT: you could change 86400 to 0 to catch anything in the future. Or change to 604800 to catch something 1 week in the future or more.
this returns whether the difference is 1 week or not. But I have to show whether _time is in current week or not
Why not compare epoch times directly? If _time > now() then the event is in the future.