- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to search within each set of time ranges defined in another table, and then run a stats count for each?
![kelvin56887 kelvin56887](https://community.splunk.com/legacyfs/online/avatars/250331.jpg)
kelvin56887
Explorer
10-14-2015
06:55 PM
Table 1:
START_TIME END_TIME
----------------------------------------
S1 E1
S2 E2
S3 E3
[eg. S1="11/8/2015:00:00:00"
, E1="13/9/2015:13:00:00"
]
The search must be started by loadjob
:
| loadjob savedsearch="XXXXXX" .........
What I want to do is to use the "Table 1" to search by "_time" between S1 & E1 OR between S2 & E2 OR between S3 & E3.
And then do the stats count per time range in "Table 1".
i.e. Result table:
TimeRange Count
----------------------------
S1 to E1 100
S2 to E2 32
S3 to E3 33
Thanks in advance~~~!!!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
![somesoni2 somesoni2](https://community.splunk.com/legacyfs/online/avatars/100305.jpg)
somesoni2
Revered Legend
10-14-2015
09:36 PM
Try something like this
index=foo sourcetype=bar [| loadjob savedsearch="XXXXXX" | table START_TIME END_TIME | convert mktime(*) timeformat="%d/%m/%Y:%H:%M:%S" | rename START_TIME as earliest END_TIME as latest ] | ...rest of the search
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
![kelvin56887 kelvin56887](https://community.splunk.com/legacyfs/online/avatars/250331.jpg)
kelvin56887
Explorer
10-15-2015
12:56 AM
But I also want to do the stats count per time range in "Table 1".
i.e. Sample Result table:
TimeRange Count
S1 to E1 100
S2 to E2 32
S3 to E3 33
Thanks.
![](/skins/images/FE4825B2128CA5F641629E007E333890/responsive_peak/images/icon_anonymous_message.png)