Hi Splunkers , I've tried this query to return events between two specific dates.
Here is the query:
index="db_rsa_archer"
| eval Data Identificada=strptime('Step Due Date', "%d/%m/%Y/")
| eval days = round((now()-dateDue))
| fields "Nome do Projeto"
| table "Nome do Projeto" ,"Data Identificada"
| dedup "Nome do Projeto"
So , I gotta find results between 18/04/2018 until 18/04/2019 (limit date) in this string field (Data Identificada) and then remove the duplicates by "Nome do Projeto"
The result is supposed to be 25 events , but it returns for me 313 events.
Thank you!
↧