Solved: How do I run a search with today's date in the sea...

Chambito17 · ‎08-17-2023

I currently have this search right now, and I apologize in advance for my poor spl. I would like to know how to run this with whatever the current date is in YYYY-MM-DD as I am trying to just get the employees leaving on the current day that ran.

| inputlookup listofemployees.csv
| search Last_Day_of_Work="$Todays Date$"
| table Employee_ID, Last_Day_of_Work, effective, firstName, lastName

Please let me know, thank you for your help.

Manasa_401 · ‎08-17-2023

Please replace search with where as shown below

|where year=strftime(now(),"%Y-%m-%d")

View solution in original post

Manasa_401 · ‎08-17-2023

Hi @Chambito17

use can use the now() function to get the current timestamp as below.

| search Last_Day_of_Work==strftime(now(),"%Y-%m-%d")

used strftime to get the desired format.

If this helps, an upvote would be appreciated.

Thanks,

Manasa

Chambito17 · ‎08-17-2023

Thank you so much for the reply @Manasa_401 , but when I add that to my search it doesn't return anything.

My csv is laid out like this

Employee_ID	Last_Day_of_Work	effective	firstName	lastName
130XXXXX	2023-08-17	2023-08-18	Joe	Shmoe
130XXXXX	2023-08-17	2023-08-18	John	Doe
130XXXXX	2023-08-18	2023-08-19	Jane	Doe

I was hoping to just see Joe and John, but I dont get anything back

| inputlookup awesome_employee.csv
| search Last_Day_of_Work==strftime(now(),"%Y-%m-%d")
| table Employee_ID, Last_Day_of_Work, effective, firstName, lastName

Manasa_401 · ‎08-17-2023

Please replace search with where as shown below

|where year=strftime(now(),"%Y-%m-%d")

Chambito17 · ‎08-18-2023

Awesome, this is exactly what I needed, thank you very much @Manasa_401

How do I run a search with today's date in the search itself, not using the time picker?

fields

subsearch

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability