Archive

Time Specifier (Yesterday 12AM until Yesterday at current time)

Communicator

Trying to compare numbers of events that have come in from 12AM until NOW, with yesterday's data 12AM until NOW(Yesterday).

How would I specify that in a search? I know yesterday is just @d-1, but can't seem to get the right latest time.

Tags (1)
0 Karma
1 Solution

Splunk Employee
Splunk Employee

I might try "-24h" for the latest time.

View solution in original post

0 Karma

Splunk Employee
Splunk Employee

I might try "-24h" for the latest time.

View solution in original post

0 Karma

Communicator

oh man.. there's my stupid question for the day 🙂

Thanks!

0 Karma