Deployment Architecture

Can you help me SNAP to the nearest 30min?

jadengoho
Builder

Hi all ,

I basically want to snap my time to the nearest 30 min. Like round of the the 30min.

Example :
1) TIME_NOW = 12:45 , earlier 30min is 12:30
2) TIME_NOW= 12:59 , earlier 30min is 12:30
3) TIME_NOW = 1:01 , earlier 30min is 1:00

thanks in advance

Tags (2)
0 Karma
1 Solution

HiroshiSatoh
Champion

I converted it into time and used BIN.

| makeresults |eval TIME_NOW = "12:45"
| append [| makeresults |eval TIME_NOW = "12:55"]
| append [| makeresults |eval TIME_NOW = "13:01"]
| eval TIME_NOW=strptime(TIME_NOW,"%H:%M")
| bin TIME_NOW span=30m|stats count by TIME_NOW
| eval TIME_NOW=strftime(TIME_NOW,"%H:%M")

View solution in original post

0 Karma

jadengoho
Builder

HI, woodcock and Hiroshi Satoh,
I have tried it on doing on a query But I will be needing this on the time picker advance option.
Cause I will use it on both dashboard panel and save search settings.
alt text

0 Karma

jadengoho
Builder

Is there a way i can do this on the time range picker

0 Karma

woodcock
Esteemed Legend

I have no idea what you mean.

0 Karma

jadengoho
Builder

i just want to round of the time now to the earliest 30min,
example the time now is 12:45, the time that it will get is 12:30.

can this be done on the time range picker itself

0 Karma

woodcock
Esteemed Legend

Just add this to your search:

... | bucket TIME_NOW span=30m@m
0 Karma

HiroshiSatoh
Champion

I converted it into time and used BIN.

| makeresults |eval TIME_NOW = "12:45"
| append [| makeresults |eval TIME_NOW = "12:55"]
| append [| makeresults |eval TIME_NOW = "13:01"]
| eval TIME_NOW=strptime(TIME_NOW,"%H:%M")
| bin TIME_NOW span=30m|stats count by TIME_NOW
| eval TIME_NOW=strftime(TIME_NOW,"%H:%M")
0 Karma
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...