×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
jedimuffin
Observer
Member since: ‎10-10-2022
‎03-28-2025
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎10-10-2022
View All

Re: Comparing Dates in Results- How do I get a lat...

by in Splunk Search
‎10-14-2022 09:56 AM
‎10-14-2022 09:56 AM
thank you! this works except for the conditional comparison of the where clause. but, I can just export the results and go from there. Thanks! ... View more

Re: Comparing Dates in Results- How do I get a lat...

by in Splunk Search
‎10-13-2022 07:49 AM
‎10-13-2022 07:49 AM
| stats earliest(*_*) as *_* by username this  drops it to one column of just a list of just usernames  ... View more

Re: Comparing Dates in Results- How do I get a lat...

by in Splunk Search
‎10-13-2022 07:35 AM
‎10-13-2022 07:35 AM
thank you. But I get 0 results and I dont understand what the search is doing. Also, in the where clause, that is the first time first_online and last_retail are mentioned? I will keep working on it ... View more

Comparing Dates in Results- How do I get a laterda...

by in Splunk Search
‎10-10-2022 01:39 PM
‎10-10-2022 01:39 PM
Hello, I have the search built that generates the results I want. But, the goal is to also be able to track high number of online orders after someone made a retail order. index=data sector=Retail | stats earliest(_time) as firstretailapp latest(_time) as lastretailapp by username | join username [| search index=data sector=Online | stats earliest(_time) as firstonlinesale latest(_time) as lastonlinesale by username] | convert ctime(firstretailsale) ctime(lastretailsale) ctime(firstonlinesale) ctime(lastonlinesale) When these results populate, I can not get the firstonlinesale to be a later date than the lastretailsale. I have tried | eval difference =time1-time2, and where difference >1 and other command searches to try and match up something but am unsuccessful.  Thanks! ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎03-28-2025 11:05 AM