Relatively new to Splunk. I have a CSV that has been splunked, and Splunk extracted the header record and assigned the fields accordingly. Within each record, there are multiple date/time fields. Splunk extracted the first as the record date, which is fine, but I would also like to leverage the other date fields for searches. When I try to perform a >, it doesn't process the search properly. Below is my search and also the header record and one example from the raw data.
index=gops STATUS=closed CLOSE_DATE>"6/1/10 00:00"
P_NUMBER,OPEN_TIME,CATEGORY,ASSIGNMENT,UPDATE_TIME,STATUS,CLOSE_TIME,P_LAST,FLAG,BRIEF_DESCRIPTION,UPDATED_BY,ASSIGNEE_NAME,AGREEMENT_ID,PROBLEM_STATUS,PRIORITY_CODE,NETWORK_NAME,PROD_OUTAGE_FMR,IMPACT_DURATION_FMR,IMPACT_AFFECTS_FMR,OPENED_BY,TICKET_OWNER,INCIDENT_HYPERLINK,TICKET_AGE
IM102265071,6/28/10 10:02,application,group,6/28/10 11:05,closed,6/28/10 11:05,t,f,desciption,NAME,NAME,[NULL],Closed,High,CI,1.05,0.216667,[NULL],NAME,group,link
Any help would be greatly appreciated.