Hello Splunk community,
I am trying to make a comparison between the time in an event named Account_Expires and the time now.
I was trying a couple of things, but nothing seems to work. The code below is where I gave up and asked for your help.
The idea is that there will be an X filled in test if the Account_expires date is in the past relative to the present.
```
index=example host=Host_ID EventCode=4738
| dedup _time
| eval datum =strftime(_time, "%d-%m-%Y %l:%M %p")
| rename src_user as "veranderd door"
| eval test1 =strftime(_time, "%d-%m-%Y %l:%M:%S")
| eval test =if(now < test1, "X", "Y")
| table user,EventCode,"veranderd door",datum, Account_Expires, test, test1,test2
| sort datum
| fields - EventCode
```
With Kind regards
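
An added example, not part of the original post: one way to compare an expiry value with the current time in SPL is to parse it to epoch seconds with `strptime` and compare that number with `now()`, rather than comparing formatted strings. The sample rows built with `makeresults` and the `Account_Expires` format string (`%m/%d/%Y %I:%M:%S %p`) are assumptions; adjust the format to what the events actually contain.

```spl
| makeresults count=3
| streamstats count AS n
``` constructed sample values: one past date, one future date, one "not set" marker ```
| eval Account_Expires=case(n=1, "01/15/2020 12:00:00 AM", n=2, "12/31/2099 12:00:00 AM", n=3, "-")
``` strptime returns epoch seconds, or null when the string does not match the format ```
| eval expires_epoch=strptime(Account_Expires, "%m/%d/%Y %I:%M:%S %p")
``` now() is a function call; compare number to number, leave unparsable values blank ```
| eval test=case(isnull(expires_epoch), "", expires_epoch < now(), "X", true(), "Y")
``` format for display only after the comparison is done ```
| eval expires_readable=strftime(expires_epoch, "%d-%m-%Y %H:%M:%S")
| table Account_Expires, expires_epoch, expires_readable, test
```

In the real search, the `makeresults`, `streamstats` and first `eval` lines would be replaced by the base search on `EventCode=4738`.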