Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Latest value to be at midnight yesterday

royimad
Builder
‎09-12-2013 03:45 AM

Hello Splunk,

How to precise a value for latest to be equal to midnight yesterday.
Example: Today is 9-12-2013 and i want to get event till the end of day 9-11-2013

What should be the value

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

royimad
Builder
‎09-23-2013 06:37 AM

Hi MuS,

Example 1: search sourcetype=".... earliest=-7d@d latest=@d ( Last Week )
Example 2: search sourcetype=".....earliest=-1d@d latest=@d ( Yesterday )

Simple:@d will truncate data till midnight
This example show last week and yesterday data ending by midnight.

Thanks,

View solution in original post

Reply
Solved! Jump to solution
Solution

royimad
Builder
‎09-23-2013 06:37 AM

Hi MuS,

Example 1: search sourcetype=".... earliest=-7d@d latest=@d ( Last Week )
Example 2: search sourcetype=".....earliest=-1d@d latest=@d ( Yesterday )

Simple:@d will truncate data till midnight
This example show last week and yesterday data ending by midnight.

Thanks,

Reply
Solved! Jump to solution

HattrickNZ
Motivator
‎04-29-2015 01:08 PM

will example 1 show mon-sun of last week if run on a wednesday? Or does it have to be run on a monday?

0 Karma
Reply
Solved! Jump to solution

MuS
SplunkTrust
SplunkTrust
‎09-12-2013 04:15 AM

Hi royimad

that would be latest=-1d@d to be used in your search.

You can find time modifiers here or in the UI select the time range picker - custom time and in the next screen select Advanced search language and start with your test. The nice thing in the UI is, that the time modifiers like -1d@d gets translated into human readable time.

hope that helps....

cheers, MuS

Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...