I'm trying to figure out a way to create custom time ranges for reporting. I work at a university and need to run some searches based on semesters. I have the start and end dates for the semesters but I can't figure out how to create the custom time ranges. This is the logic I have so far:
eval Semester =
if ((EventTime>01/01/2011) AND (EventTime<05/30/2011),"1. Spring 2011",
if ((EventTime>08/29/2010) AND (EventTime<12/19/2010),"2. Fall 2010",0))
I'm thinking that something to this effect would work. My problem is that I don't know how to manipulate the timestamps to get this to work. I read about epochtime but I don't know what I need to do to convert my timestamps to epochtime. Any help to point me in the right direction would be greatly appreciated. This is what my logs look like:
L101E-26 MSWinEventLog 1 Application 1 Tue Mar 08 12:43:00 2011 4 WSH N/A N/A Information L101E-26 None ACL-Logon LUID=125965 Action=Logon Platform=Windows_7 Username=ofischer IP=129.113.151.46 MAC=00:21:9B:63:02:24 ComputerName=L101E-26 Lab=Library_Writing_Center EventTime=3/8/2011 12:42:59 0
... View more