Hi Splunkers!
I have a field which name is "Data Identificada" , all the values inside in this field are strings and the format is d/m/y .I have to make a search that will return for me all the results since today (22/04/2019) until 22/04/2018 and dedup all the records found.
I've written this query but it's still not working.
Could you guys help me? Thanks
index="db_archer2" earliest=-8760h latest=now()
| fields "Data Identificada"
| dedup "Data Identificada"
| eval Hoje= now()
| eval Hoje= now()-8760
| convert ctime(Hoje) ctime()
| stats dc
↧
