•  26-06-2022
  •  | 
  •  

문제

I need to be able to search for log entries with a specific start date, which has nothing to do with _time. The format is, for example, Start_Date: 08/26/2013 4:30 PM.

I need to add a condition in my search to specify the date, but not the time. I tried strptime and strftime unsuccessfully.

For example, I tried converting start date to a string (without time) and compare it to another string:

"08/26/2013"=strftime(Start_Date, "%d/%m/%Y")

This didn't work either:

 "08/26/2013"=strftime(strptime(Start_Date "%d/%m/%Y %I:%M %p"), "%d/%m/%Y")

Any ideas how to solve this?

도움이 되었습니까?

해결책

A * did the trick: Start_Date=08/26/2013*

Answer here: http://answers.splunk.com/answers/100630/splunk-date-comparison

라이센스 : CC-BY-SA ~와 함께 속성
제휴하지 않습니다 StackOverflow
scroll top