Question

I need to be able to search for log entries with a specific start date, which has nothing to do with _time. The format is, for example, Start_Date: 08/26/2013 4:30 PM.

I need to add a condition in my search to specify the date, but not the time. I tried strptime and strftime unsuccessfully.

For example, I tried converting the start date to a string (without time) and comparing it to another string:

"08/26/2013"=strftime(Start_Date, "%d/%m/%Y")

This didn't work either:

 "08/26/2013"=strftime(strptime(Start_Date "%d/%m/%Y %I:%M %p"), "%d/%m/%Y")

Any ideas how to solve this?


Solution

A * did the trick: Start_Date=08/26/2013*

Answer here: http://answers.splunk.com/answers/100630/splunk-date-comparison
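An alternative to the wildcard match, shown as an added example that is not part of the original post: since 08/26/2013 is month/day/year, parse Start_Date with a month-first format string and compare only the date part. The three events are constructed with makeresults, and the field names n, start_epoch and start_day are assumptions.

```spl
| makeresults count=3
| streamstats count AS n
| eval Start_Date=case(n==1, "08/26/2013 4:30 PM",
                       n==2, "08/26/2013 11:05 AM",
                       n==3, "08/27/2013 9:00 AM")
| eval start_epoch=strptime(Start_Date, "%m/%d/%Y %I:%M %p")
| eval start_day=strftime(start_epoch, "%m/%d/%Y")
| where start_day="08/26/2013"
| table Start_Date start_epoch start_day
```

strftime takes an epoch time, so the text field goes through strptime first.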

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow