Solved: date strftime convert and show last 4 days

felipesewaybric · ‎07-03-2015

Hey guys, i have | eval Date=strftime(strptime(data,"%Y/%m/%d"),"%m/%d") returning

07/02
07/01
06/30
06/29
06/28

but i want to receive only the last 4 days.

07/02
07/01
06/30
06/29

The data is in a lookup_table csv

martin_mueller · ‎07-03-2015

String comparisons are usually bad news. Consider this instead:

| where strptime(data,"%Y/%m/%d") >= relative_time(now(), "-4d")

That way the comparison is done using numbers / epoch time, so there's no ambiguity in case your date formatting requirements change.

martin_mueller · ‎07-03-2015

String comparisons are usually bad news. Consider this instead:

| where strptime(data,"%Y/%m/%d") >= relative_time(now(), "-4d")

That way the comparison is done using numbers / epoch time, so there's no ambiguity in case your date formatting requirements change.

felipesewaybric · ‎07-03-2015

ok, i think i found what i need:

| where Date >= strftime(relative_time(now(), "-4d"), "%m/%d")

date strftime convert and show last 4 days