I have field with values such as "06/12", "13/01", "20/05" i/e human readable dd/mm.
I dont know weather splunk understands the format is date format dd/mm or it takes it as a string.
I have to perform a check on the date , if it is older thn5 working days
(eg if today is Thursday 19th, then anything older than Thursday 12th),
I have tried few related to the following , so far it just gave me blank "strf_time" table
[
index="extractt"
| fieldformat strf_time=strftime(VTN_field_2, "%d/%m/%y")
`comment("fieldformat strf_time = strftime(VTN_field_2, "%d/%m")")`
| table VTN_field_2, strf_time>
]
↧