Solved: Can I extract the time value selected from the tim...

RecoMark0 · ‎02-04-2015

Hello,
I am wondering if the timerange value a user selects for a search is able to be extracted from a field.

For instance, if I select "24 hours", is there a field with a value of "24" or even "86400000" for milliseconds value. I think sideview has a variable, but I was wondering if it is available in just a standard search in splunk.

Thank you!

martin_mueller · ‎02-04-2015

You can add this to your search:

... | addinfo

That will, amongst other things, add two fields info_min_time and info_max_time to your results giving you the beginning and end of the time range used for that search.

http://docs.splunk.com/Documentation/Splunk/6.2.1/SearchReference/addinfo

View solution in original post

martin_mueller · ‎02-04-2015

You can add this to your search:

... | addinfo

That will, amongst other things, add two fields info_min_time and info_max_time to your results giving you the beginning and end of the time range used for that search.

http://docs.splunk.com/Documentation/Splunk/6.2.1/SearchReference/addinfo

RecoMark0 · ‎02-04-2015

Thank you! This worked perfectly! I created a new field subtracting max_time by min_time to get total seconds

Can I extract the time value selected from the timerange selection?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms