Splunk Search

How to display the exact date from time modifiers?

akarivaratharaj
Communicator

I would like to know how to display the exact date of the time modifiers which are specified in the earliest and latest time range.
Eg: earliest=-1q@q latest=@q

We know that this is nothing but the last quarter details, which is earliest =01-01-2019 and latest=31-03-2019.
I am using the time modifier in my query and I want to display the above format date along with my other panels in my dashboard.
This may change according to each quarter/year we select from input.

I am using this in a case condition,

<condition>
        <eval token="growth_title2">case($result.time_period$=="earliest=-1q@q latest=@q","xxxx", $result.time_period$=="earliest=-1y@y latest=@y", "yyyy")</eval>
      </condition>

The place xxxx and yyyy needed the logic to display the earliest & latest time in date format

Could anyone please help me to display time which is mentioned in time modifier as date format.

0 Karma

woodcock
Esteemed Legend

I have no idea what you mean by this. More explanation is required. Perhaps show examples.

0 Karma

harshpatel
Contributor

Hi @akarivaratharaj,

Can you please try this:

<eval token="growth_title2">strftime(relative_time(now(), earliest), "%d-%m-%Y")." to ".strftime(relative_time(now(), latest), "%d-%m-%Y")</eval>

For reference:
https://docs.splunk.com/Documentation/Splunk/7.2.5/SearchReference/DateandTimeFunctions
https://docs.splunk.com/Documentation/Splunk/7.2.5/Viz/tokens#Define_conditional_matching

genesiusj
Builder

@harshpatel
I modified this for my requirements. Works like a charm.
Thanks and God bless,
Genesius

0 Karma

harshpatel
Contributor

@genesiusj Glad to hear it.

Cheers,
Harsh

0 Karma
Get Updates on the Splunk Community!

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...