How to specific time range in my search results

AL3Z · ‎03-23-2023

Hi all,

How to give the range to that first and last if the date is in between last 3weeks till today which matches to first or last in the below splunk query.

| eval first = strptime(first_detected, "%Y-%m-%dT%H:%M:%S.%3N%Z"),
last= strptime(last_detected, "%Y-%m-%dT%H:%M:%S.%3N%Z")

Thanks..

AL3Z · ‎03-23-2023

@richgalloway @gcusello

Here my search should calculate what is there in between if the first matches to that or last matches to particular range from last 3 weeks to till todaysdate..

gcusello · ‎03-23-2023

Hi @AL3Z ,

using my search you have the earliest and the latest timestamp in your results, then you can add all the information you need in the stats command.

Ciao.

Giuseppe

richgalloway · ‎03-23-2023

Please tell us more about your use case. What are the desired results?

---
If this reply helps you, Karma would be appreciated.

gcusello · ‎03-23-2023

Hi @AL3Z ,

please try something like this:

<your_search>
| stats earliest(_time) AS earliest latest(_time) AS latest
| eval earliest=strftime(earliest, "%Y-%m-%dT%H:%M:%S.%3N%Z"),
latest=strptime(latest, "%Y-%m-%dT%H:%M:%S.%3N%Z")

Ciao.

Giuseppe

How to specific time range in my search results

eval

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!