Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Exclude search on a specific time at a specific weekday (weekly maintenance window)

skyrider1
New Member
‎01-11-2013 12:32 AM

Hi

We have a search where we get the request time out of a webapplication. Of course those request times suffer during our weekly maintenance window. Now i tried to filter out those specific times by using the following filter:

|eval myHour=strftime(_time, "%H")
|eval myDay=strftime(_time, "%a")
|where NOT (( myHour >= 18 ) AND ( myHour <= 22 AND myDay=Thu))

The myDay on it's own doesn't work..

Somewho it's not working that way, so i appreciate any help...

Thanks

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kristian_kolb
Ultra Champion
‎01-11-2013 01:05 AM

Could you not use the date_* fields for this? Those should work unless you have servers in different time zones.

sourcetype=your_web_app NOT (date_wday = thursday date_hour >=18 date_hour <= 22 )

/Kristian

View solution in original post

Reply
Solved! Jump to solution
Solution

kristian_kolb
Ultra Champion
‎01-11-2013 01:05 AM

Could you not use the date_* fields for this? Those should work unless you have servers in different time zones.

sourcetype=your_web_app NOT (date_wday = thursday date_hour >=18 date_hour <= 22 )

/Kristian

Reply
Get Updates on the Splunk Community!

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...