Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Eval value depending on hour of day

jacqu3sy
Path Finder
‎12-23-2019 01:15 AM

Is there a way to return a specific value if an event is seen between 18:00 and 07:00 the following day?

I need to generate a different value if something occurs overnight.

Was originally thinking of an eval with a > than, but then 02:00 would be less than 11pm so I'm confused as to whether it's possible!

Thanks.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
Esteemed Legend
‎12-23-2019 01:43 AM

Hi @ jacqu3sy,
eval command is your solution:

your_search
| eval check=if(date_hour>17 OR date_hour<8,"1","2")
| ...

Ciao and merry Christmas.
Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
Esteemed Legend
‎12-23-2019 01:43 AM

Hi @ jacqu3sy,
eval command is your solution:

your_search
| eval check=if(date_hour>17 OR date_hour<8,"1","2")
| ...

Ciao and merry Christmas.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

jacqu3sy
Path Finder
‎12-23-2019 02:03 AM

Perfect. Many thanks. Have a great Xmas.

0 Karma
Reply
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? &#x1f680; We invite you to join our elite squad ...