Solved: Why is the relative_time not converting +24y? Is t...

vasanthmss · ‎12-18-2014

Hi Splunkers,

Why the relative_time function is not converting +24y? any reason? Any way to achieve this?

|stats count | eval next_time=relative_time(now(),"+24y")

Is there any limitation in relative_time function?

Cheers!!!

V

acharlieh · ‎12-18-2014

It seems that relative_time (at least on 6.2.0) is limited by the Year 2038 problem: http://en.wikipedia.org/wiki/Year_2038_problem

Check this out, this works:

noop | stats count | eval _time=relative_time(now(),"+24y@y+18d+3h+14m+7s")

But this doesn't:

noop | stats count | eval _time=relative_time(now(),"+24y@y+18d+3h+14m+8s")

But this does:

noop | stats count | eval _time=relative_time(now(),"+24y@y+18d+3h+14m+7s")+1

cabauah · ‎04-25-2018

is there an update on this issue? what's an alternative solution?

cabauah · ‎02-13-2019

we've fixed the issue by using good ol strptime and strftime

acharlieh · ‎12-18-2014

It seems that relative_time (at least on 6.2.0) is limited by the Year 2038 problem: http://en.wikipedia.org/wiki/Year_2038_problem

Check this out, this works:

noop | stats count | eval _time=relative_time(now(),"+24y@y+18d+3h+14m+7s")

But this doesn't:

noop | stats count | eval _time=relative_time(now(),"+24y@y+18d+3h+14m+8s")

But this does:

noop | stats count | eval _time=relative_time(now(),"+24y@y+18d+3h+14m+7s")+1

acharlieh · ‎04-05-2017

For those following along at home... as it's still a problem, I logged Case 468033 for this.

Why is the relative_time not converting +24y? Is there a limitation in the function?