https://community.splunk.com/t5/Splunk-Search/How-to-set-earliest-and-latest-time-based-on-current-time-in/m-p/650349#M224821 <P>I am not entirely sure I understand your requirement. However, if you want a scheduled report to run every 5 minutes at 2 minutes past, 7 minutes past, 12 minutes past, etc. with a search window of 0-5,&nbsp; 5-10, 10-12 etc., you would schedule the report with this cron expression</P><LI-CODE lang="markup">2-57/5 * * * *</LI-CODE><P>and a timepicker setting like this</P><LI-CODE lang="markup">earliest=@m-7m latest=@m-2m</LI-CODE> Thu, 13 Jul 2023 09:31:43 GMT ITWhisperer 2023-07-13T09:31:43Z https://community.splunk.com/t5/Splunk-Search/How-to-set-earliest-and-latest-time-based-on-current-time-in/m-p/650345#M224818 <P>Hi Splunk Experts,<BR /><BR />I've a scheduled savedSearch where it runs every 5 mins, with the Schedule window of 2 minutes. Instead of searching for last 5 mins, I want to achieve something like 00 to 05 mins, 05 to 10 mins, 10 to 15 mins and so on. Is it possible to achieve this in the search, could someone please shred some lights. Thanks in advance!!<BR /><BR /></P><LI-CODE lang="markup">| eval STime=now()-300, ETime=now() | bin STime span=5m | bin ETime span=5m</LI-CODE><P>&nbsp;</P> Thu, 13 Jul 2023 08:51:03 GMT https://community.splunk.com/t5/Splunk-Search/How-to-set-earliest-and-latest-time-based-on-current-time-in/m-p/650345#M224818 Thulasinathan_M 2023-07-13T08:51:03Z https://community.splunk.com/t5/Splunk-Search/How-to-set-earliest-and-latest-time-based-on-current-time-in/m-p/650349#M224821 <P>I am not entirely sure I understand your requirement. However, if you want a scheduled report to run every 5 minutes at 2 minutes past, 7 minutes past, 12 minutes past, etc. with a search window of 0-5,&nbsp; 5-10, 10-12 etc., you would schedule the report with this cron expression</P><LI-CODE lang="markup">2-57/5 * * * *</LI-CODE><P>and a timepicker setting like this</P><LI-CODE lang="markup">earliest=@m-7m latest=@m-2m</LI-CODE> Thu, 13 Jul 2023 09:31:43 GMT https://community.splunk.com/t5/Splunk-Search/How-to-set-earliest-and-latest-time-based-on-current-time-in/m-p/650349#M224821 ITWhisperer 2023-07-13T09:31:43Z https://community.splunk.com/t5/Splunk-Search/How-to-set-earliest-and-latest-time-based-on-current-time-in/m-p/650353#M224823 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225168">@ITWhisperer</a>&nbsp;<BR /><BR />Thanks for the assistance, let me try to break-down my requirement:<BR /><BR />I scheduled a report to run&nbsp;<SPAN class="">*/</SPAN><SPAN class="">5</SPAN><SPAN>&nbsp;</SPAN><SPAN class="">*</SPAN><SPAN>&nbsp;</SPAN><SPAN class="">*</SPAN><SPAN>&nbsp;</SPAN><SPAN class="">*</SPAN><SPAN>&nbsp;</SPAN><SPAN class="">* (Every 5 mins), with scheduler window of 2 mins (the scheduler can kick-off the report anytime within this 2 mins window). But irrespective of the time when it gets kicked-off I want to search the index for accurate 5 mins.<BR />Lets say the scheduler started at 11:16:32.000 but I want to search in index within time of (earliest 11:10:00.000, latest 11:15:00.000).</SPAN></P> Thu, 13 Jul 2023 09:59:12 GMT https://community.splunk.com/t5/Splunk-Search/How-to-set-earliest-and-latest-time-based-on-current-time-in/m-p/650353#M224823 Thulasinathan_M 2023-07-13T09:59:12Z https://community.splunk.com/t5/Splunk-Search/How-to-set-earliest-and-latest-time-based-on-current-time-in/m-p/650356#M224826 <P>Try adding this to your initial search</P><LI-CODE lang="markup">&lt;your search&gt; [| makeresults | addinfo | eval latest=info_max_time-(info_max_time%300) | eval earliest=latest-300 | fields earliest latest]</LI-CODE> Thu, 13 Jul 2023 10:18:30 GMT https://community.splunk.com/t5/Splunk-Search/How-to-set-earliest-and-latest-time-based-on-current-time-in/m-p/650356#M224826 ITWhisperer 2023-07-13T10:18:30Z https://community.splunk.com/t5/Splunk-Search/How-to-set-earliest-and-latest-time-based-on-current-time-in/m-p/650361#M224830 <P>Thanks&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225168">@ITWhisperer</a>. Working like a charm!! <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Thu, 13 Jul 2023 10:50:45 GMT https://community.splunk.com/t5/Splunk-Search/How-to-set-earliest-and-latest-time-based-on-current-time-in/m-p/650361#M224830 Thulasinathan_M 2023-07-13T10:50:45Z