How can i display dates between two dates?

ajayabburi508 · ‎11-22-2016

I have a log that has Start date=23/nov/2016 enddate=23/dec/2016.now i need to display the dates between the dates .

sundareshr · ‎11-23-2016

Try this

... | eval start=strptime(startdate,"%d/%b/%Y") | eval end=strptime(enddate,"%d/%b/%Y") | eval between= mvrange(start, end, "1d") | mvexpand between

ajayabburi508 · ‎11-24-2016

thanks sundareshr .
but while generating data its missing last date please help me out for that

ajayabburi508 · ‎11-24-2016

my query like this

|makeresults| eval startdate="01/01/2016", enddate="01/31/2016"| eval start=strptime(startdate,"%m/%d/%Y"), end=strptime(enddate,"%m/%d/%Y")| eval between= mvrange(start, end, "1d") | mvexpand between | eval s=strftime("between","%d-%m-%y") |eval c_time=strftime(between,"%m/%d/%y") | table c_time,start,end,lines,pattern,daysapplicable,type,prirority

sundareshr · ‎11-24-2016

You could add a day to end, like so | eval between= mvrange(start, end+86400, "1d"). Having said that, the other option is to use gentimes, try this

| gentimes start="01/01/2016", end="02/01/2016" increment=1d | rename *human as *time | table *time, lines,pattern,daysapplicable,type,prirority

ajayabburi508 · ‎11-24-2016

thanks bro

richgalloway · ‎11-23-2016

Dates must be converted into epoch form before they can be compared. Use something like this. It will give the difference between the two dates in seconds.

... | eval eStartDate=strptime(startdate,"%d/%b/%Y") | eval eEndDate=strptime(enddate,"%d/%b/%Y") | eval diff = eEndDate-eStartDate | ...

---
If this reply helps you, an upvote would be appreciated.