Splunk Search

Hi everyone, can someone please tl how can we set up a report where we are fetching last 6 month period

New Member

for ex: if i am running the report on 5th of may, i will need the data from 1st of November till 30 apri and i l need to run this report every month for last 6 months , m on 6.x

how can i set this report so that whenever we run the report for the last months period, it does not include current month..Thank you.

0 Karma


To start 6 months ago, use earliest=-6mon@mon. To end at the beginning of the current month, use latest=@mon.

If this reply helps you, an upvote would be appreciated.
0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!