Solved: strptime(x,y) usage

pipipipi · ‎04-23-2020

hi all,
I confused about strptime.
My goal search is this.(this is a sample. I have month field. I get token in my dashboard and do this search.)

|makeresults
|eval test=strptime("$token$", "%Y-%m")
|where month>strftime(relative_time(test, "-2mon"), "%Y-%m") AND month<="$token$"

I did this search, but test is no result.

|makeresults
|eval test=strptime("2020-02", "%Y-%m")
|where month>strftime(relative_time(test, "-2mon"), "%Y-%m") AND month<="2020-02"

How to change time? Am I wrong using strptime?
Thank you for helping.
(this is easy question, I know, but today, I am stumbling on this problem for some reason.)

manjunathmeti · ‎04-23-2020

You need to provide "day" along with month and year to strptime function. Try this:

| makeresults 
| eval test=strptime("2020-02"."-01", "%Y-%m-%d"), month="2020-01" 
| where month > strftime(relative_time(test, "-2mon"), "%Y-%m") AND month <= "2020-02"

with token:

| makeresults
| eval test=strptime("$token$"."-01", "%Y-%m-%d"), month=??
| where month > strftime(relative_time(test, "-2mon"), "%Y-%m") AND month <= "$token$"

View solution in original post

manjunathmeti · ‎04-23-2020

You need to provide "day" along with month and year to strptime function. Try this:

| makeresults 
| eval test=strptime("2020-02"."-01", "%Y-%m-%d"), month="2020-01" 
| where month > strftime(relative_time(test, "-2mon"), "%Y-%m") AND month <= "2020-02"

with token:

| makeresults
| eval test=strptime("$token$"."-01", "%Y-%m-%d"), month=??
| where month > strftime(relative_time(test, "-2mon"), "%Y-%m") AND month <= "$token$"

pipipipi · ‎04-23-2020

Thank you so much. I should add "day"...I understand.
Thank you so much.

to4kawa · ‎04-23-2020

strings(text) can't be compared

strptime(x,y) usage

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update