Splunk Search

Is it possible to add a condition in this relative time? Even with timepicker the result count doesn't change

jip31
Motivator

hello

I count events in a single panel from a relative time like below

As you can see, I search only events between 7h and 20h 7 days ago 

 

earliest=-7d@d+7h latest=-7d@d+20h 

 

Now, I dont know if it is possible but I would like to add a condition in this relative time because even if  I  use the timepicker, the result count dont change

So I would like to count events only for the last 60 minutes during 7h and 20h for the 7 days ago

Is it possible?

Thanks

Labels (1)
Tags (1)
0 Karma
1 Solution

somesoni2
SplunkTrust
SplunkTrust

Try this

earliest=-7d@h latest=-7d@h+60m

OR

earliest=-7d@h-60m latest=-7d@h

View solution in original post

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

What timeframe do you want at 06:30, 07:30, 19:30, and 20:30?

0 Karma

somesoni2
SplunkTrust
SplunkTrust

Try this

earliest=-7d@h latest=-7d@h+60m

OR

earliest=-7d@h-60m latest=-7d@h
0 Karma

jip31
Motivator

thanks

so is not possible to specify also just between 7h and 19h?

something like this : 

earliest=-7d@7h-60m latest=-7d@19h
0 Karma

somesoni2
SplunkTrust
SplunkTrust

You're using inline timerange in search which overrides time-range picker, so that's why you see same count even after changing the time range picker value.

Your requirement is not that clear. Could you please provide example value using a sample date (e.g. if right now is 2022/05/17 2:00 PM what time range you want to search)?

0 Karma

jip31
Motivator

Hi

Considering right now it's 2022/05/17 2:00 PM, I need to count events 7 days ago and 60 m before the current time

And if it is possible between 7h and 19h

So in this case it will be 2022/05/10 1:00 PM

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...