Archive
Highlighted

How to search events happened before a particular statement in the log file.

New Member

Hi,

We are using SPLUNK in our organization (I work for AT&T) and I need to know how do I search any events before a statement in the log file. E.g. we have a statement in the log file - "Agent Table Change, Verifying FT State" and I want to find all the events happened before the first incidence of this statement in the log file.

Please help on this.

0 Karma
Highlighted

Re: How to search events happened before a particular statement in the log file.

SplunkTrust
SplunkTrust

You're looking for localize with a timebefore of some value and a timeafter of zero, piped into map. See http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/localize for reference.

0 Karma