Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Date compare

karunagaraprabh
Explorer
‎06-21-2020 08:43 PM

Hi, I am new to splunk so pardon me if made any mistake or asking simple questions, i  need to extract data from XML files, only when the xml parameter date is in current date and my date filed (printed-Timestramp) is in this format  "2020-06-20T01:23:23.693-0700"

i tried below query now i need to pass the  XML Parameter printed-Timestramp , please correct me for the best way to get the result

| makeresults | eval substrng=strptime(substr("2020-06-20T01:23:23.693-0700",1,10),"%Y-%m-%d")| eval compare=now() | where compare<substrng | fields + substrng,compare

below arethe reference of my xml file

 

 

Labels (2)
Labels
0 Karma
Reply

to4kawa
Ultra Champion
‎06-22-2020 04:41 AM

| makeresults | eval epoch=strptime("2020-06-20T01:23:23.693-0700","%FT%T.%3Q%z")

https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Commontimeformatvariables

 

now() is epoch. please try this query.

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...