Solved: Need to filter out latest one year date for the pa...

Ashwini_5 · ‎12-29-2021

Hello Experts,

Kindly help to filter out latest one year date for the particular field.

For ex: index="abc" sourcetype="xyz"
|table ID, COMPLETION_DATE, LEARNING_ITEM_ID, LEARNING_ITEM_TITLE, TARGET_DATE

Here I just need to filter out who has completed within last one year in the completion date . Actually, Completion date showing for last five years .. But I just need to filter out only for past year without mentioning any date in query. I am wondering if we can use latest command .. Kindly help

richgalloway · ‎12-29-2021

To find dates within the past year, first convert the date into epoch form then compare the result to the current time using relative_time().

index="abc" sourcetype="xyz" 
| eval CD=strptime(COMPLETION_DATE, "<<insert format string here>>")
| where CD >= relative_time(CD, "-1year")
| table ID, COMPLETION_DATE, LEARNING_ITEM_ID, LEARNING_ITEM_TITLE, TARGET_DATE

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎12-29-2021

To find dates within the past year, first convert the date into epoch form then compare the result to the current time using relative_time().

index="abc" sourcetype="xyz" 
| eval CD=strptime(COMPLETION_DATE, "<<insert format string here>>")
| where CD >= relative_time(CD, "-1year")
| table ID, COMPLETION_DATE, LEARNING_ITEM_ID, LEARNING_ITEM_TITLE, TARGET_DATE

---
If this reply helps you, Karma would be appreciated.

Need to filter out latest one year date for the particular field in table

fields

timechart

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)