Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Howto use _time to compare with field with time

krusovice
Path Finder
‎04-27-2019 10:13 AM

Hello,

I've a field with date/time in it. The field name is system_created_on=2019-04-26 09:38:24.

I have a time picker and I would like to use the date selected to compare with a field with date/time. For example, when user select 4/26/2019, I need to have the query to match with"2019-04-26" from system_created_on field. How can I achieve this?

Thanks.

Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎04-27-2019 07:45 PM

Like this:

index=YouShouldAlwaysSpecifyAnIndex AND sourcetype=AndSourcetypeToo eatliest=0 latest=now
| eval system_created_on=strptime(system_created_on, "%Y-%m-%d %H:%M:%S")
| addinfo
| where (system_created_on >= info_min_time AND system_created_on <= info_max_time)
| fieldformat system_created_on=strftime(system_created_on, "%Y-%m-%d %H:%M:%S")

View solution in original post

Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎04-27-2019 07:45 PM

Like this:

index=YouShouldAlwaysSpecifyAnIndex AND sourcetype=AndSourcetypeToo eatliest=0 latest=now
| eval system_created_on=strptime(system_created_on, "%Y-%m-%d %H:%M:%S")
| addinfo
| where (system_created_on >= info_min_time AND system_created_on <= info_max_time)
| fieldformat system_created_on=strftime(system_created_on, "%Y-%m-%d %H:%M:%S")
Reply
Solved! Jump to solution

krusovice
Path Finder
‎04-28-2019 04:34 AM

Wow thanks, it works!

0 Karma
Reply
Get Updates on the Splunk Community!

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...