Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How could I look only at a defined time span in real-time-search?

Felix82
Explorer
‎07-12-2021 06:38 AM

Hi, 

 

I'm new in working with Splunk - I began to explore the program last monday...

I have the task to create a dashboard for visualizing the availibility of a machine. My working base: The machine data, additional  disorder reports by workers (implemented by tablets) and the knowledge about the working times (monday till friday, 5.30am till 10.30pm).

Now I want to use the daily data in timerange from 5.30am till 10.30pm because the availibility should only represents the disorder times in relation to real working time. How could I do that without a specified date?

 

Many Thanks and Greetings from Germany, 

Felix

Labels (1)
Labels
0 Karma
Reply

Felix82
Explorer
‎07-12-2021 11:09 PM

Hi Michel,

 

thank you for sharing your experiences! It's so difficult and extensive to get an overview around all commands and functions... I will test your parameters then give you feedback.

 

Greetings, 

Felix

0 Karma
Reply

michel_wolf
Path Finder
‎07-12-2021 08:10 AM

Hi Felix,

you need to extract these requirements from your date field to filter it. You can perform your search for example like index=.... earliest=-7d@d latest=now to get all your data from the last 7 days.

Then you can add something like this

| eval day=strftime(_time,"%u")
| search day IN (1 2 3 4 5)

| eval timestampStart="05:30:00"
| eval timestampEnd="22:30:00"
| eval timestampDate = strftime(_time,"%H:%M:%S")

| where timestampDate >= timestampStart AND timestampDate <= timestampEnd

 

Michel

0 Karma
Reply
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...