https://community.splunk.com/t5/Getting-Data-In/how-to-pick-the-time-range-for-different-source-file/m-p/109937#M23092 <P>hey </P> <P>thanks for the answer but that is not working should i specify germany in the place of country or it automatically picks </P> Thu, 09 Jul 2015 10:24:54 GMT deepthi5 2015-07-09T10:24:54Z https://community.splunk.com/t5/Getting-Data-In/how-to-pick-the-time-range-for-different-source-file/m-p/109935#M23090 <P>Hello ,</P> <P>I have got an urgent requirement pls help me </P> <P>I am different countries data pulled and indexed into SPLUNK daily <BR /> ex,Australia.csv,Budapest .csv,germany.csv etc for which i am generating 95th percentile values </P> <P>Now the requirement is i should be able to generate 95th percentile only from Monday to Friday and only in working hours of that particular country which seems to be difficult </P> <P>Right now i havve got an idea using the following query :</P> <P>source="C:\germany.csv" host="SEZ00VVM-153" sourcetype="csv" date_wday!=saturday AND date_wday!=sunday date_hour&gt;=9 date_hour&lt;= 17 | eval Intraffic=IN/1048576 |timechart span=1h perc95(Intraffic) AS 95thPercentile</P> <P>but when multiple files are indexing how should i tell splunk that working hours of germany is 9 to 5 and budapest is 10 to 4 etcc</P> <P>thanks ,<BR /> Deepthi </P> Tue, 29 Sep 2020 06:37:36 GMT https://community.splunk.com/t5/Getting-Data-In/how-to-pick-the-time-range-for-different-source-file/m-p/109935#M23090 deepthi5 2020-09-29T06:37:36Z https://community.splunk.com/t5/Getting-Data-In/how-to-pick-the-time-range-for-different-source-file/m-p/109936#M23091 <P>You could create a lookup file that contains country name and working hours. For example, the file might contain</P> <PRE><CODE>Country, start_hour, end_hour germany, 9, 17 budapest, 10, 16 </CODE></PRE> <P>Then your query becomes</P> <PRE><CODE>source="C:germany.csv" host="SEZ00VVM-153" sourcetype="csv" date_wday!=saturday AND date_wday!=sunday | lookup Country OUTPUT start_hour end_hour | where date_hour&gt;=start_hour AND date_hour&lt;= end_hour | eval Intraffic=IN/1048576 |timechart span=1h perc95(Intraffic) AS 95thPercentile </CODE></PRE> Wed, 08 Jul 2015 12:55:09 GMT https://community.splunk.com/t5/Getting-Data-In/how-to-pick-the-time-range-for-different-source-file/m-p/109936#M23091 richgalloway 2015-07-08T12:55:09Z https://community.splunk.com/t5/Getting-Data-In/how-to-pick-the-time-range-for-different-source-file/m-p/109937#M23092 <P>hey </P> <P>thanks for the answer but that is not working should i specify germany in the place of country or it automatically picks </P> Thu, 09 Jul 2015 10:24:54 GMT https://community.splunk.com/t5/Getting-Data-In/how-to-pick-the-time-range-for-different-source-file/m-p/109937#M23092 deepthi5 2015-07-09T10:24:54Z https://community.splunk.com/t5/Getting-Data-In/how-to-pick-the-time-range-for-different-source-file/m-p/109938#M23093 <P>You will need to populate a field called 'Country' with the name of the country in question. Or you could replace 'Country' with another field from your query that contains the country name.</P> Fri, 10 Jul 2015 11:51:54 GMT https://community.splunk.com/t5/Getting-Data-In/how-to-pick-the-time-range-for-different-source-file/m-p/109938#M23093 richgalloway 2015-07-10T11:51:54Z