Quantcast
Channel: Questions in topic: "splunk-enterprise"
Viewing all articles
Browse latest Browse all 47296

Basic Query using Dates

$
0
0
We have indexed fields like the following: fname (a-z*) lname (a-z*) pdate (name_month day year) policy ( strong or weak) I'm able to do a query and returned all of the usernames with a strong policy (policy = 'strong'). If I try to also query for a password change date prior to May 1st (pdate > 'May 25 2019'), I get results with users that have password changes after that date. I believe I need to somehow convert the date perhaps with the strftime function, because maybe it's not comparing the the fields as dates, but how would I do that and actually construct the query? I've read the docs and tried some copy/pastes w/o a working solution. Thanks

Viewing all articles
Browse latest Browse all 47296

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>