Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Searching events that occur with within a range time but across all days

wbordeau
Explorer
‎12-02-2011 08:38 AM

I see how I can use absolute time ranges to filter my searches but what I'm trying to do is get back results for say all events that occur between 1:00AM to 2:00AM every day not just between some custom start and end times.

Is this possible? And if so, can you provide some example search filters?

Thanks!

Tags (2)
0 Karma
Reply

Ayn
Legend
‎12-02-2011 10:01 AM

Please don't post updates to your question as answers, that way it looks like your question is already answered.

Splunk automatically creates a number of date_* fields for most sources, including date_hour. You can use this field to filter the results in the way you want.

date_hour>=1 AND date_hour<=2
Reply

wbordeau
Explorer
‎12-02-2011 09:00 AM

I found in another thread I could do the following if you want to filter for interesting traffic that tends to occur in the first 10 minutes of any hour.

sourcetype="udp:514" host="x.x.x.x" * keywords AND date_minute < 10

0 Karma
Reply

wbordeau
Explorer
‎12-02-2011 08:42 AM

I wonder if a RegEx would work.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...