Archive

Skip one hour in one day search

New Member

I wanted to search for full day except one hour from 6.30am to 7.30am. I am not able to do it. Can anyone help me in this.

0 Karma
1 Solution

Legend

There's no foolproof way of putting this as an initial filter in your search that I know of, however you could create fields and then filter on those:

<yourbasesearch> | eval hourandminute=strftime(_time,"%H").strftime(_time,"%M") | search NOT (hourandminute>=630 AND hourandminute<=730)

View solution in original post

Legend

There's no foolproof way of putting this as an initial filter in your search that I know of, however you could create fields and then filter on those:

<yourbasesearch> | eval hourandminute=strftime(_time,"%H").strftime(_time,"%M") | search NOT (hourandminute>=630 AND hourandminute<=730)

View solution in original post

New Member

Thanks Ayn.

0 Karma