Splunk Search

How to filter on KV Store lookup time-based fields using a time picker?

nawneel
Communicator

I have a large data set in my KV Store collections. These fields also contain time-specific fields. I would like to perform filtering on these time-based fields with the time picker. Any suggestions for implementation?

0 Karma
1 Solution

woodcock
Esteemed Legend

Like this:

| inputlookup MyKVstoreName | addinfo | where MyTimeField >= info_min_time AND MyTimeField <= info_max_time

nawneel
Communicator

This works wonders. Thanks @woodcock

0 Karma

tnesavich_splun
Splunk Employee

Perfect Gregg! Thanks for this. Elegant and effective.

0 Karma

frechette
Explorer

This isn't elegant, it's inefficient. You should be able to filter by time before results are ever brought into the search pipeline.

0 Karma

dnitschke_splun
Splunk Employee

You can also add the time filter into the WHERE clause of inputlookup, e.g.

| inputlookup MyKVstoreName WHERE
[| makeresults count=1
| addinfo
| eval info_max_time=if(info_max_time=="+Infinity", 2147483647, info_max_time)
| eval search="( (MyTimeField>=" . info_min_time . ") AND (" . "MyTimeField<" . info_max_time . ") )"
| table search ]

0 Karma
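
The two searches in this thread differ at the upper bound: the accepted answer uses `<=`, while the subsearch variant uses `<` and substitutes 2147483647 for "+Infinity". The following is an added illustration, not code from any poster in the thread; it models only those comparison operators in Python over constructed rows, and all function names are hypothetical.

```python
# Added illustration: models only the comparison operators of the two searches.
# ROWS is constructed sample data; all function names are hypothetical.
INT32_MAX = 2147483647  # the value the subsearch answer substitutes for "+Infinity"

ROWS = [
    {"id": "a", "MyTimeField": 1700000000},
    {"id": "b", "MyTimeField": 1700001800},
    {"id": "c", "MyTimeField": 1700003600},  # exactly on the boundary between the hours
    {"id": "d", "MyTimeField": 1700005400},
]


def normalise_bounds(info_min_time, info_max_time):
    """Convert addinfo-style bounds to numbers; "+Infinity" becomes INT32_MAX."""
    hi = INT32_MAX if info_max_time == "+Infinity" else float(info_max_time)
    lo = float(info_min_time)
    if lo > hi:
        raise ValueError("earliest bound is after latest bound")
    return lo, hi


def closed(rows, lo, hi):
    """MyTimeField >= info_min_time AND MyTimeField <= info_max_time"""
    return [r["id"] for r in rows if lo <= r["MyTimeField"] <= hi]


def half_open(rows, lo, hi):
    """(MyTimeField>=info_min_time) AND (MyTimeField<info_max_time)"""
    return [r["id"] for r in rows if lo <= r["MyTimeField"] < hi]


def seen_twice(select, windows):
    """IDs returned by more than one of the given time windows."""
    counts = {}
    for info_min, info_max in windows:
        for row_id in select(ROWS, *normalise_bounds(info_min, info_max)):
            counts[row_id] = counts.get(row_id, 0) + 1
    return sorted(i for i, n in counts.items() if n > 1)


# Two back-to-back one-hour time picker ranges (constructed).
HOURS = [("1700000000.000", "1700003600.000"), ("1700003600.000", "1700007200.000")]

if __name__ == "__main__":
    print("closed    :", seen_twice(closed, HOURS))
    print("half-open :", seen_twice(half_open, HOURS))
    print("all time  :", half_open(ROWS, *normalise_bounds("0", "+Infinity")))
```

With the closed comparison, a record stamped exactly on the shared boundary is returned by both adjacent ranges, which matters when consecutive windows feed counts or alerts.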

woodcock
Esteemed Legend

I am full of IT, ask anybody.

0 Karma