https://community.splunk.com/t5/Splunk-Search/Skip-one-hour-in-one-day-search/m-p/199349#M187491 <P>I wanted to search for full day except one hour from 6.30am to 7.30am. I am not able to do it. Can anyone help me in this.</P> Wed, 26 Mar 2014 08:43:20 GMT abhi144 2014-03-26T08:43:20Z https://community.splunk.com/t5/Splunk-Search/Skip-one-hour-in-one-day-search/m-p/199349#M187491 <P>I wanted to search for full day except one hour from 6.30am to 7.30am. I am not able to do it. Can anyone help me in this.</P> Wed, 26 Mar 2014 08:43:20 GMT https://community.splunk.com/t5/Splunk-Search/Skip-one-hour-in-one-day-search/m-p/199349#M187491 abhi144 2014-03-26T08:43:20Z https://community.splunk.com/t5/Splunk-Search/Skip-one-hour-in-one-day-search/m-p/199350#M187492 <P>There's no foolproof way of putting this as an initial filter in your search that I know of, however you could create fields and then filter on those:</P> <PRE><CODE>&lt;yourbasesearch&gt; | eval hourandminute=strftime(_time,"%H").strftime(_time,"%M") | search NOT (hourandminute&gt;=630 AND hourandminute&lt;=730) </CODE></PRE> Wed, 26 Mar 2014 08:59:06 GMT https://community.splunk.com/t5/Splunk-Search/Skip-one-hour-in-one-day-search/m-p/199350#M187492 Ayn 2014-03-26T08:59:06Z https://community.splunk.com/t5/Splunk-Search/Skip-one-hour-in-one-day-search/m-p/199351#M187493 <P>Thanks Ayn.</P> Wed, 26 Mar 2014 09:27:30 GMT https://community.splunk.com/t5/Splunk-Search/Skip-one-hour-in-one-day-search/m-p/199351#M187493 abhi144 2014-03-26T09:27:30Z