Splunk Search

strptime(x,y) usage

pipipipi
Path Finder

hi all,
I confused about strptime.
My goal search is this.(this is a sample. I have month field. I get token in my dashboard and do this search.)

|makeresults
|eval test=strptime("$token$", "%Y-%m")
|where month>strftime(relative_time(test, "-2mon"), "%Y-%m") AND month<="$token$"

I did this search, but test is no result.

|makeresults
|eval test=strptime("2020-02", "%Y-%m")
|where month>strftime(relative_time(test, "-2mon"), "%Y-%m") AND month<="2020-02"

How to change time? Am I wrong using strptime?
Thank you for helping.
(this is easy question, I know, but today, I am stumbling on this problem for some reason.)

0 Karma
1 Solution

manjunathmeti
SplunkTrust
SplunkTrust

You need to provide "day" along with month and year to strptime function. Try this:

| makeresults 
| eval test=strptime("2020-02"."-01", "%Y-%m-%d"), month="2020-01" 
| where month > strftime(relative_time(test, "-2mon"), "%Y-%m") AND month <= "2020-02"

with token:

| makeresults
| eval test=strptime("$token$"."-01", "%Y-%m-%d"), month=??
| where month > strftime(relative_time(test, "-2mon"), "%Y-%m") AND month <= "$token$"

View solution in original post

0 Karma

manjunathmeti
SplunkTrust
SplunkTrust

You need to provide "day" along with month and year to strptime function. Try this:

| makeresults 
| eval test=strptime("2020-02"."-01", "%Y-%m-%d"), month="2020-01" 
| where month > strftime(relative_time(test, "-2mon"), "%Y-%m") AND month <= "2020-02"

with token:

| makeresults
| eval test=strptime("$token$"."-01", "%Y-%m-%d"), month=??
| where month > strftime(relative_time(test, "-2mon"), "%Y-%m") AND month <= "$token$"
0 Karma

pipipipi
Path Finder

Thank you so much. I should add "day"...I understand.
Thank you so much.

0 Karma

to4kawa
Ultra Champion

strings(text) can't be compared

0 Karma
Get Updates on the Splunk Community!

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...