topic Re: Log searching Splunk in Splunk Search

Log searching Splunk

av_ — Wed, 20 Mar 2024 13:21:16 GMT

I am searching some logs in an application for the last 24 hours (or any time range the user has selected). Is it possible to search the same logs in another application for the next day?

Eg: if the user has selected the time range as last one hour, can I see the trajectory of those logs over a period of next day?

Re: Log searching Splunk

marnall — Wed, 20 Mar 2024 21:48:06 GMT

As in running the same search that another user has previously run, but in a different time period?

Re: Log searching Splunk

av_ — Thu, 21 Mar 2024 02:05:39 GMT

@marnall @Not really, it’s like if I’m running the search for last 24 hrs, I’d like to see the data for now()+1d.

Re: Log searching Splunk

bowesmana — Thu, 21 Mar 2024 05:27:00 GMT

When you say "in another application" what do you mean

The predict command can be used to predict future trends

https://docs.splunk.com/Documentation/SplunkCloud/9.1.2312/SearchReference/Predict

Re: Log searching Splunk

marnall — Thu, 21 Mar 2024 20:56:40 GMT

Probably the best thing for that, as bowesmana suggested, is the predict command, which would estimate what the data may look like in the future based on its behavior in the past.

Unless you have data with timestamps in the future, you can't actually look at future data. now()+1d should be empty.