Re: How to compare two dates in format DAY-Mon dd:...

jagdeepgupta813 · ‎04-24-2018

Hello,

I have two dates which I need to compare and report if there is difference of more than 1 hour

currTime = Tue Apr 24 07:52:18 PDT 2018 
currProcTime = Tue Apr 24 06:26:03 PDT 2018

As of now I used regular expressions like below , but is there any easy or efficient way to do this ?

 | rex field=currTime "(?<hr1>\d{2}):.*:.*" | rex field=currProcTime "(?<hr2>\d{2}):.*:.*"| eval latencyByHour=hr1-hr2| where latencyByHour>0

TISKAR · ‎04-24-2018

Can you try this:

| makeresults 
| eval currTime = "Tue Apr 24 07:52:18 PDT 2018", currProcTime = "Tue Apr 24 06:26:03 PDT 2018"
| where (strptime(currTime,"%a %b %d %H:%M:%S PDT %Y")-strptime(currProcTime,"%a %b %d %H:%M:%S PDT %Y"))>3600

woodcock · ‎04-24-2018

Like this:

... | eval currTime=strptime(currTime, "%a %b %d %H:%M:%S %Z %Y")
| eval currProcTime=strptime(currProcTime, "%a %b %d %H:%M:%S %Z %Y")
| eval latencySeconds = currTime - currProcTime
| where latencySeconds > 3600

How to compare two dates in format DAY-Mon dd:mm:ss ZZZZ YYYY ?

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

Data Management Digest – December 2025

Join the Conversation

How to compare two dates in format DAY-Mon dd:mm:ss ZZZZ YYYY ?

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

Data Management Digest – December 2025