Splunk Search

How to i match the latest date value in lookup file?

hvdtol
Path Finder

Hi,

I am a newbie to SPL and would like some help.
I want to find the latest date field in my lookup file file.

My test.csv file look like this

name,size,datum
AA,11,12-09-2020
AA,18,14-09-2020
AB,33,15-04-2020
AB,34,16-04-2020
AB,35,15-06-2020
AC,23,14-05-2020
AC,14,08-07-2020

If i want to find the maximum value of column "size"  i succeed
 
|inputlookup test.csv
| eval foo=[ |inputlookup test.csv |stats max(size) as dtx | return $dtx ]
| table foo

Result:
35
35
..

But when i try this with the date value i get this

|inputlookup tabs.csv
| eval foo=[ |inputlookup tabs.csv |stats max(datum) as dtx | return $dtx ]
| table foo

i get

-2008
-2008
..

How to i match the latest date value ?

Thank you in advance.

Reagrds,

Harry

Labels (1)
0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @hvdtol,

you have to convert the date in epochtime and then sort, something like this:

| inputlookup test.csv
| eval epoch_datum=strptime(datum,"%d-%m-Y")
| sort -epoch_datum
| head 1
| table name size datum

Ciao.

Giuseppe

View solution in original post

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @hvdtol,

you have to convert the date in epochtime and then sort, something like this:

| inputlookup test.csv
| eval epoch_datum=strptime(datum,"%d-%m-Y")
| sort -epoch_datum
| head 1
| table name size datum

Ciao.

Giuseppe

0 Karma

hvdtol
Path Finder

Oh yes of course.
This was helpfull.

Thank you,Giuseppe

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @hvdtol,

good for you.

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated :winking_face:

hvdtol
Path Finder

thanks

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...