Splunk Search

Buckets in splunk- Is it possible to do a 10 minutes from event not 10 minute window?

Mckechnie
Engager

Hi all,

Wondering if it is possible to do 10 minute search from when you see an event instead of doing 10 minute windows such as "| bin _time span=10m as window" as this just looks at minutes from the hour? 

Labels (1)
Tags (2)
0 Karma

johnhuang
Motivator

 

| bin _time span=10m aligntime=latest

 

0 Karma
Get Updates on the Splunk Community!

Splunk Certification Support Alert | Pearson VUE Outage

Splunk Certification holders and candidates!  Please be advised of an upcoming system maintenance period for ...

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...