Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

what is use of diff command

maheshsat
Explorer
‎03-15-2018 05:11 AM

Hi , I tried understanding diff command from spunk.doc unable to understand,could you please let me know use of diff command what exactly it does , it would be great if given in answer with example.Thanks

Tags (1)
Reply

p_gurav
Champion
‎03-15-2018 05:38 AM

Hi,

Diff command will give you difference between two search results. Refer below link for example:
https://answers.splunk.com/answers/151315/how-to-find-differences-between-two-searches-with-set-diff...

Reply

logloganathan
Motivator
‎03-15-2018 05:25 AM

diff can be used to get the difference between the epoch time.
Please see the below example where i used this query for setting my alert

your base query | eval MyDate=strptime(date,"%d %b %Y %H:%M:%S") | fieldformat StartTime=strptime(MyDate, "%Y-%m-%d %H:%M:%S") | eval Diff=tostring((StartTime-EndTime),"duration")

Reply
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Get Updates on the Splunk Community!