Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to get a 'now()' function to return the current time rounded to the nearest minute/hour?

sjanwity
Communicator
‎11-05-2014 05:43 AM

My search is a scheduled report and calls the now()function to only get entries from a specific time away, using the relative_time method. However, the search is usually executed 2-5 seconds late (I don't know why, but that's what the splunk job report says) so I think it'll miss entries which were done 1 second past the clock. So how do I get the now() function to round down so the missing records are taken in as well?

Tags (3)
Reply

MuS
Legend
‎11-05-2014 05:48 AM

Hi sjanwity,

you can not only use -1min with relative_time(), you can use also things like -1min@min or -2d@d which will snap to the minute or hour.
See the docs for more information on this topic http://docs.splunk.com/Documentation/Splunk/6.1.2/Search/Specifytimemodifiersinyoursearch

cheers, MuS

Reply

sjanwity
Communicator
‎11-05-2014 06:12 AM

hi MuS, can I do things like now()@min? That's really what I wanted.

0 Karma
Reply

MuS
Legend
‎11-05-2014 06:14 AM

more like 

relative_time(now(), "@min")
0 Karma
Reply
Get Updates on the Splunk Community!

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...