
query for picking time range - at specified time everyday

1234testtest
Path Finder

Hi, I have my data in the following format

Tue Jan 01 08:00:00 IST 2013 10.10.10.213 Value 23
Tue Jan 01 08:10:00 IST 2013 10.10.10.216 Value 25

I would like to prepare a query which shows the average of all the values between 8-9AM every day.

sourcetype="data" ip=10.10.10.* | stats avg(Value) will give the average, but how do I specify a relative time range where I get the data between 8-9AM every day? (I have options to specify time in custom time, but then I have to give a specific date.)

0 Karma

Ayn
Legend

For most events, Splunk will extract a couple of fields beginning with date_, like for instance date_hour that you could use.

sourcetype="data" ip=10.10.10.* date_hour=8 | stats avg(Value)


1234testtest
Path Finder

Thank you,

0 Karma

Ayn
Legend

Not sure why you would want to include 9:00 as well; in all usual cases this wouldn't be considered to be included in the interval 8-9AM. But, if you really want, just do

sourcetype="data" ip=10.10.10.* (date_hour=8 OR (date_hour=9 AND date_minute=0)) | stats avg(Value)

date_hour uses 24-hour notation so for PM times you'd just use their 24-hour notation equivalent.

0 Karma

1234testtest
Path Finder

Thanks. This gives the time range from 8:00-8:59 AM.
1. How to include 9AM also into this query.
2. If the time format is 12 hour and not 24 hour, how to include AM/PM into this query.
Kindly help.

0 Karma
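
A variant of the date_hour filter from the answers above, as an added example that is not part of the original posts. The date_* fields are taken from the timestamp text in the raw event, are not adjusted for time zone, and are absent on events that carry no timestamp of their own, so this version derives the hour and minute from _time instead (which follows the searching user's time zone). It also goes beyond the question by reporting one average per day rather than a single overall figure; it assumes the ip and Value fields are already extracted, as in the thread's queries, and avg_value and samples are names chosen here.

```spl
sourcetype="data" ip=10.10.10.*
| eval hour=tonumber(strftime(_time, "%H")), minute=tonumber(strftime(_time, "%M"))
| where hour=8 OR (hour=9 AND minute=0)
| bin _time span=1d
| stats avg(Value) AS avg_value count AS samples BY _time
```

The samples column shows how many events fell inside the window on each day, which makes days with missing data easy to spot.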