Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

In a alert I have to give earliest time as 12 Am , How do i write it as earliest=12 Am

ugramkonda
New Member
‎03-22-2017 05:51 AM

I have a requirement that I need to monitor Splunk license, I'm calculating the size of index for the day, here i need to give the earliest time = 12 AM How should i give this??

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎03-22-2017 05:54 AM

12AM as in midnight early today?

Try @d - skips to start of day. -5d@d for midnight five days ago... and so on.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎03-22-2017 05:54 AM

12AM as in midnight early today?

Try @d - skips to start of day. -5d@d for midnight five days ago... and so on.

0 Karma
Reply
Solved! Jump to solution

ugramkonda
New Member
‎03-22-2017 06:04 AM

Thanks Martin

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...