https://community.splunk.com/t5/Splunk-Search/Timewrap-with-specific-time-range/m-p/582960#M203002 <P class="lia-align-left">Hi</P><P class="lia-align-left">here&nbsp;<A href="https://docs.splunk.com/Documentation/Splunk/8.2.4/SearchReference/SearchTimeModifiers" target="_blank">https://docs.splunk.com/Documentation/Splunk/8.2.4/SearchReference/SearchTimeModifiers</A>&nbsp;is how to use time modifiers on your search. You will find answer to your question there.</P><P class="lia-align-left">r. Ismo</P> Fri, 28 Jan 2022 18:03:06 GMT isoutamo 2022-01-28T18:03:06Z https://community.splunk.com/t5/Splunk-Search/Timewrap-with-specific-time-range/m-p/582959#M203001 <P>Hi,</P><P>Iam a newbie and have just started exploring the power of splunk. My below query works fine except that I need the output ONLY for a specific time period ie 2pm and 4pm with a span of 15m and not for entire day</P><P>index=xxxx pod=xxxx CASE(xxxxx) `logRecordType(xxxx)` logName="xxxxxx"<BR />earliest=-3d@d latest=@d|timechart span=30m count|timewrap d</P><P>So basically my output only list me 4 rows with "2days_before","1day_before" and "latest_day".A</P><P>&nbsp;</P><P>Thanks,</P><P>Bhaggs</P> Fri, 28 Jan 2022 17:56:26 GMT https://community.splunk.com/t5/Splunk-Search/Timewrap-with-specific-time-range/m-p/582959#M203001 bmer 2022-01-28T17:56:26Z https://community.splunk.com/t5/Splunk-Search/Timewrap-with-specific-time-range/m-p/582960#M203002 <P class="lia-align-left">Hi</P><P class="lia-align-left">here&nbsp;<A href="https://docs.splunk.com/Documentation/Splunk/8.2.4/SearchReference/SearchTimeModifiers" target="_blank">https://docs.splunk.com/Documentation/Splunk/8.2.4/SearchReference/SearchTimeModifiers</A>&nbsp;is how to use time modifiers on your search. You will find answer to your question there.</P><P class="lia-align-left">r. Ismo</P> Fri, 28 Jan 2022 18:03:06 GMT https://community.splunk.com/t5/Splunk-Search/Timewrap-with-specific-time-range/m-p/582960#M203002 isoutamo 2022-01-28T18:03:06Z https://community.splunk.com/t5/Splunk-Search/Timewrap-with-specific-time-range/m-p/583179#M203066 <P>Thanks&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/214410">@isoutamo</a>&nbsp;I did go through that and understand the use but no where am able to restrict the timewrap to a selected period say LAST 15d between 2pm and 4pm having span=15m etc. It may be possible with some tweak but as I said am in learning process and would appreciate if someone can provide the full command.I will then do a self-learn from same</P> Tue, 01 Feb 2022 09:13:11 GMT https://community.splunk.com/t5/Splunk-Search/Timewrap-with-specific-time-range/m-p/583179#M203066 bmer 2022-02-01T09:13:11Z https://community.splunk.com/t5/Splunk-Search/Timewrap-with-specific-time-range/m-p/583181#M203067 <P>Here is an one way to do it</P><LI-CODE lang="markup">index=&lt;YOUR INDEX&gt; earliest=-15d@d | eval hours=strftime(_time, "%H") | where hours &gt;= 14 AND hours&lt;=16 | bin span=15m _time</LI-CODE><P>r. Ismo&nbsp;</P> Tue, 01 Feb 2022 09:35:04 GMT https://community.splunk.com/t5/Splunk-Search/Timewrap-with-specific-time-range/m-p/583181#M203067 isoutamo 2022-02-01T09:35:04Z