I have a .csv file as a lookup file that gets updated daily with new records.
It has a number of fields, one being date_added (example field format: 2016-04-17T04:23:40). I am after an easy way to be able to display only the entries added in the last 24 hours (in the ideal world, something like date_added=-24h).
The reason I am after this is that I am creating a Splunk report that will take the new entries added to this CSV and then do a subsearch.
Any ideas how this can be done?