Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to search from yesterday at certain time until today

cheyenne15
New Member
‎06-26-2017 02:43 PM

I am looking to create a search looks at after hour activities. How would you search for events from yesterday beginning after 5pm until 7am.

earliest=-1d@d and latest=@d

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

vasanthmss
Motivator
‎06-26-2017 03:40 PM

try something like this,

earliest= "-1d@d+17h@h" latest="@d+7h@h"
V

View solution in original post

Reply
Solved! Jump to solution

acharlieh
Influencer
‎06-26-2017 03:40 PM

When specifying relative time modifiers in your search you can chain together modifiers...

So earliest=@d-7h latest=@d+7h would be 5p (snap to midnight then subtract 7 hours) to 7a (snap to midnight and add 7 hours)
Alternatively earliest=-d@d+17h snap to midnight yesterday, and add 17hours (5p)

Reply
Solved! Jump to solution

cheyenne15
New Member
‎06-27-2017 07:50 AM

Thanks! The response in the forum is amazing!

0 Karma
Reply
Solved! Jump to solution
Solution

vasanthmss
Motivator
‎06-26-2017 03:40 PM

try something like this,

earliest= "-1d@d+17h@h" latest="@d+7h@h"
V
Reply
Solved! Jump to solution

cheyenne15
New Member
‎06-27-2017 07:50 AM

It works perfectly! Thanks so much.

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...