Thank you for your attention.
I'm sorry that i didn't explain well..
what I exactly want is,,
I'd like to know how to compare,,
I can extract date from source file name.
after that, how should i do?
please refer to my query.
index="bottleneck" source="*.csv*"
| eval temp = split('source',".")
| eval date = mvindex(temp,0)
| sort date
| eval before7Days = strftime(relative_time(strptime(date, "%Y%m%d"), "-7d@d"),"%Y%m%d")
| dedup date
| table date before7Days
If i execute this query , the result is as below.
date before7Days
20181022 20181015
20181025 20181018
20181030 20181023
but, Actually what i need is as below.
date before7Days
20181022 20181015 (There is no file(20181015) in the index. So it doesn't care whatever)
20181025 20181022 (actual 7 days before = 20181018, but the nearest file = 20181022.)
20181030 20181025 (actual 7days before is 20181023, but there is no file so I'd like to use the 20181025.csv That is the nearest file to 2018/10/23. (between 2018/10/30 and 2018/10/23))
So i'd like know the search or comparison query in order to display the result as above .
... View more