Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can someone help me understand this search and how I can get the current May month time?

Keerthi
Path Finder
‎05-11-2023 07:59 AM

Hi, I am new to splunk and need to understand the below query and the results coming. 

| eval c_time=(strftime(latest,"%d"))
| eval c_time2 = c_time * 86400
| eval newdate=latest - c_time2
| where _time >=newdate



The results:

Keerthi_0-1683817136723.png

can anyone please explain the above query and the results and why we are multiplying with  c_time * 86400
and how do i get the current may month time.

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-11-2023 08:24 AM

Hi @Keerthi,

the first row extracts the day number from the latest field (I suppose a date in epochtime, otherwise it doesn't run).

The second one calculates the number of seconds in the number of days (86400 is the numer of seconds in 24 hours), I don't know why.

the third row try to calculate the difference between the latest field and the number of seconds, but in my opinion it's a non sense because you should compare two dates, not a date and a calculated number.

the last row filter results taking only events with timestamp after ctime2

But if you have to take only events in a period of x days you can have the same result in an easier way:

| eval diff=now()-_time
| where diff>=n*86400

where n is the number of days that you want consider in your time period, and not the day number in the latest da field.

Ciao.

Giuseppe

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...