Archive
Highlighted

How do i query for those results occurred before 9 AM today?

I have get some statistics about some thread which has occured as of 9AM today..i dont want it to return any results assoicated with post 9AM thing.

Tags (1)
0 Karma
Highlighted

Re: How do i query for those results occurred before 9 AM today?

Influencer

Part of the Search Tutorial introduces you to the time range picker which lets you adjust your search time window to only include those events in a timerange you're interested in. I should note, this also happens to be rule number 1 of faster searches... limit your search time window down to only that which you're interested in.

https://docs.splunk.com/Documentation/Splunk/6.5.3/SearchTutorial/Aboutthetimerangepicker#Specify_da...

Highlighted

Re: How do i query for those results occurred before 9 AM today?

Legend

Hi chetanhonnavile,
insert in every search this condition date_hour<9, something like this:

your_search date_hour<9
| ...

Bye.
Giuseppe

0 Karma
Highlighted

Re: How do i query for those results occurred before 9 AM today?

Communicator

you can use date and time rand which is available in time picker right?

0 Karma