Splunk Search

How to specify the time frame in a search?

troy44112
Explorer

Hello,

How would I specify the time frame in a search to provide me the events between 7am - 5pm weekdays and all results for weekends within the same search

Labels (1)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @troy44112,

in addition to the solution of @richgalloway, that completely answers to your question, you could also manage the holidays following the instruction that you can find in this my old answer: https://community.splunk.com/t5/Splunk-Search/Bank-holiday-exclusion-from-search-query/m-p/491071

Ciao.

Giuseppe

richgalloway
SplunkTrust
SplunkTrust

Here's one way if your data includes the date_* fields (usually true).

index=foo <<more search terms>>
| where ((date_wday="saturday" OR date_wday="sunday") OR (date_hour>=7 date_hour<17))
---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...