Re: Between dates condition

Neel88 · ‎02-03-2023

Hello everyone,

I am passing the dates as token but it shows the error in both the condition.

Cond1: | where (Date>="$date_start$" AND Date<="$date_end$")

Cond2: | where (Date>="2022-06-01" AND Date<="2022-06-02")

Please help

gcusello · ‎02-03-2023

to compare dates, you have to transform them in epochtime using the strptime function, you cannot compare dates in text format.

The only apparent exception is _time, but it's only apparence because it's already in epochtime.

something like this:

<your_search>
| eval date_start=strptime($date_start$,"%Y-%m-%d"), date_end=strptime($date_end$,"%Y-%m-%d"), Date=strptime(date,"%Y-%m-%d")
| where Date>=date_start AND Date<=date_end
| ...

Ciao.

Giuseppe

Neel88 · ‎02-03-2023

Hi,

Thank you for your response.

I have tried and getting this error.

gcusello · ‎02-03-2023

Hi @Neel88,

this is a different problem:

in the simple xml dashboards you cannout use "<" or ">" but you have to use: "<" and ">"

Ciao.

Giuseppe

Neel88 · ‎02-03-2023

Thank you for your response.

| where (Date = ">","$date_start$") AND (Date = "<","$date_end$")

I am very new with this tool. I am not getting result.

gcusello · ‎02-03-2023

Hi @Neel88,

I used quotes to delimit the strings, use them without quotes:

<your_search>
| eval date_start=strptime($date_start$,"%Y-%m-%d"), date_end=strptime($date_end$,"%Y-%m-%d"), Date=strptime(date,"%Y-%m-%d")
| where Date&gt;=date_start AND Date&lt;=date_end
| ...

Ciao.

Giuseppe

Neel88 · ‎02-03-2023

Thank you so much!! Its working fine 🙂

Between dates condition showing error?

chart

Dashboard Studio

form

javascript

panel

simple XML

single value

table

timechart

token

trellis layout

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk