Solved: Dynamic query to get the result in specific timefr...

anirban_nag · ‎10-06-2016

I have a specific timeframe say from 1AM to 2AM. In this 1 hour I want to see all the failures from my log. But I want to see this timeframe failures not for only today but for N no of days. This N will be specified from the Date Range dropdown.

Bouns point if I can get the result for each day in a column chart side by side.

inventsekar · ‎10-06-2016

we can use date_hour and solve this specific timeframe issue.
Try this one -

 index=main sourcetype=yourSourcetype earliest=-31d latest=-1d (date_hour > 1 OR date_hour < 2) | chart count(Failure) by sourcetype over host

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

View solution in original post

inventsekar · ‎10-06-2016

we can use date_hour and solve this specific timeframe issue.
Try this one -

 index=main sourcetype=yourSourcetype earliest=-31d latest=-1d (date_hour > 1 OR date_hour < 2) | chart count(Failure) by sourcetype over host

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

Dynamic query to get the result in specific timeframe for any days

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform