I have a dashboard that queries a Lookup file. The Lookup file contains a column containing Date Timestamps in this format DD/MM/YY. The column name in the Lookup is Date. It is called "Date (DD/MM/YY)" in the dashboard statistics panel.
I am converting that DD/MM/YY string to Unix time in the drill-down using something like this:
| eval unixtime=strptime('Date',"%d/%m/%y")
Which gives results like this:
Date unixtime
06/02/20 1580947200.000000
1580947200.000000
Is equivalent to:
02/06/2020 @ 12:00am (UTC)
That's a good start, but I want the drill-down search to search that entire 24 hour period. So all of 06/02/20, 24 hours.
Something like this seems like it would work.
strptime($row."Date (DD/MM/YY)"$,"%d/%m/%y") strptime($row."Date (DD/MM/YY)"$,"%d/%m/%y")+86400
86400 being the number of seconds in a day.
But I can't quite get it working. Can anyone point me in the right direction?
↧
