Hi,
We integrated Splunk to ServiceNow and looking to find a late closure incidents.
For this we have 2 fields **Stopdate**, **closeddate**... we need to evaluate a new field **Late Closure** using these 2 dates.
1. we need to find the diff of Stopdate and closeddate
2. We need to list if Late closure > 5 (excluding weekends)
3. For few of them, we don't have closed date. We need to compare with current date and evaluate number of late closure for these?
Stopdate and closeddate is of this format: `08-01-2016 05:00:00 MST`
base search...|table Stopdate closeddate
Can someone please help us with the search?
↧