Hello to everybody, we are trying to set a search that makes a diff between two files of two different days. This is the working search:

| set diff
[| search index=myindex source="*2021-08-27*.csv"
| stats count by idx
| table idx]
[ search index=myindex source="*2021-08-26*.csv"
| stats count by idx
| table idx]
| join idx
[ search index=myindex source="*2021-08-27*.csv"]
| table "SITE ID",idx,"Title",FQDN,"Asset Primary Identifier","IP Address",Hostname,"Operating System", Port

However, we'd like to make it parametric: we'd like the dates contained in the source names to be calculated automatically, so we tried to insert this:

| set diff
[ | eval todayFile=strftime(now(),"*%Y-%m-%d*.csv")
| search index=myindex source=todayFile
| stats count by idx
| table idx]
[ search index=myindex source="*2021-08-25*.csv"
| stats count by idx
| table idx]
| join idx
[ search index=myindex source=todayFile]
| table "SITE ID",idx,"Title",FQDN,"Asset Primary Identifier","IP Address",Hostname,"Operating System", Port

But it's not working, or, better, it doesn't return errors but it doesn't return correct results either. How can we substitute source="*2021-08-25*.csv" with an instruction that dynamically inserts today's date in our source filename in order to run the search every day?