Advent of Code is now back for a limited time only! Complete as many challenges as you can to earn those badges you may have missed in December. Learn more about how to participate here!
community Alteryx IO MyAlteryx
alteryx Community
Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Close
Start Free Trial

Alteryx Designer Desktop Discussions

Find answers, ask questions, and share expertise about Alteryx Designer Desktop and Intelligence Suite.
SOLVED

Help joining data on two fields and one is a variable time range

barnese
7 - Meteor
‎05-27-2025 11:44 AM

Hi Alteryx Experts,

I am looking for some help joining two different data sets.  I am trying to match a user to an IP address, I have the user and source port in one log along with login time and the source port and source IP in a second log.  The problem is the time stamps are not an exact match and source ports can be reused - the logs with the source source IP information are not time stamped, only have a time stamp which relates to the time when it was entered into the log which can be up to a few minutes delay.   See some fake sample data below.

 

Application log:

userLoginTimeport
abc5/26/2025 7:0012345
def5/26/2025 7:0254321
ghi5/26/2025 7:0398587
jkl5/26/2025 7:0712345

 

 

src_ipsrc_port_time
10.100.100.1123455/26/2025 7:05
10.200.200.2543215/26/2025 7:06
10.300.300.3985875/26/2025 7:04
10.400.400.4123455/26/2025 7:08

 

Desired result table:

 

usersrc_ip
abc10.100.100.1
def10.200.200.2
ghi10.300.300.3
jkl10.400.400.4

 

For this sample the tricky part is making sure that user abc is only linked to 10.100.100.1 and jkl to 10.400.400.4 since they share a source port and happened somewhat close together

 

Any help on how I can achieve this? 

 

Thanks!

Labels:
Reply
0 Likes

Accepted SolutionSolved! Go to Solution.

2 REPLIES 2
apathetichell
19 - Altair
‎05-27-2025 12:54 PM

my recommendation ---> 1 of 2 ways:

 

1) convert time stamps to milliseconds --- create buckets based upon your metric (ten seconds, a minute/whatever) --- join on that field and port.

2) join on port --- use datetimediff to find closest time stamp. use sort/tile to choose closest time stamp.

Reply
Dhrish
8 - Asteroid
‎05-28-2025 07:51 AM

@barnese I made a workflow for you. There would be times when the difference of times would be negative, so you need to remove that as well. Hope this helps.

Time search.yxmd
Reply
Christmas in July Blog
designer new user guide
Labels
Top Solution Authors
View All