Match timestamp when it is between timestamp from ...

basvanderbijl · ‎06-19-2019

Hi all,
I want to merge the following sets based on their timestamp.

index=bus sourcetype=bus | table timestamp type x-pos y-pos

The results of this query looks like this:

                   timestamp     type     x-pos   y-pos
2019-06-17T11:08:42.887+0200    BUS-4        1      1
2019-06-17T11:08:31.878+0200    BUS-4        2      2
2019-06-17T11:08:20.871+0200    BUS-4        3      3
2019-06-17T11:08:09.895+0200    BUS-4        4      4
2019-06-17T11:07:56.903+0200    BUS-4        5      5
..
..

The .csv with which it should be merged looks like this:

       START_PERIOD          END_PERIOD STATUS
2019-06-17T09:42:41 2019-06-17T12:12:31     OK
2019-06-17T09:17:47 2019-06-17T09:42:41  ERROR
2019-06-17T08:02:14 2019-06-17T09:17:47     OK
..
..

The STATUS of the .csv should be attached when the timestamp of the resultset is between the START_PERIOD and END_PERIOD.
So myy expected results look like this:

                   timestamp      bus   x-pos   y-pos   STATUS
2019-06-17T11:08:42.887+0200    BUS-4       1       1       OK
2019-06-17T11:08:31.878+0200    BUS-4       2       2       OK
2019-06-17T11:08:20.871+0200    BUS-4       3       3       OK
2019-06-17T11:08:09.895+0200    BUS-4       4       4       OK
2019-06-17T11:07:56.903+0200    BUS-4       5       5       OK
..
..

I hope you can help me with this query.

Thanks in advance.
Regards

Match timestamp when it is between timestamp from lookup

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation