How to search by specific date and time range and ...

mikeyty07 · ‎12-21-2022

I am trying to search with specific date and time. Is it possible to search and compare?

for example, i want to get stats from 2022-12-20 14:00:00 to 2022-12-20 15:00:00 and compare it with other dates like 12/16, 12/10/, 12/5 with same time range. is there a way to get stats compared side by side with other dates
OR
just have the all mentioned dates and time (2p-3p) there in search query ?

bowesmana · ‎12-21-2022

Just put the date/time ranges in the query

(earliest="12/20/2022:14:00:00" latest="12/20/2022:15:00:00") OR
(earliest="12/16/2022:14:00:00" latest="12/16/2022:15:00:00") OR
(earliest="12/10/2022:14:00:00" latest="12/10/2022:15:00:00")

and the the simplest way is to then

| bin _time span=1d
| stats count by _time

or you may have date_hour field auto extracted, in which case you could just set the time picker and use date_hour=3

How to search by specific date and time range and compare with other date and time stats?

chart

count

eval

fields

stats

table

timechart

tstats

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

Are you a member of the Splunk Community?

How to search by specific date and time range and compare with other date and time stats?