When I try to find the difference between two epochs: 1) finding the days range, I get blank values; 2) and I need to filter only records where days=0.

| eval printedA_epoch=strptime(printedtimestrampA,"%Y-%m-%dT%H:%M:%S.%Q"), printedB_epoch=strptime(printedtimestrampB,"%Y-%m-%dT%H:%M:%S.%Q")
| eval indextime=_indextime
| eval diffA=indextime-printedA_epoch, diffB=indextime-printedB_epoch
| eval daysA=round((diffA/86400),0), daysB=round((diffB/86400),0)
| table host,printedA_epoch,printedB_epoch,indextime,diffA,diffB,daysA,daysB