Re: Log searching Splunk

av_ · ‎03-20-2024

I am searching some logs in an application for the last 24 hours (or any time range the user has selected). Is it possible to search the same logs in another application for the next day?

Eg: if the user has selected the time range as last one hour, can I see the trajectory of those logs over a period of next day?

bowesmana · ‎03-20-2024

When you say "in another application" what do you mean

The predict command can be used to predict future trends

https://docs.splunk.com/Documentation/SplunkCloud/9.1.2312/SearchReference/Predict

marnall · ‎03-20-2024

As in running the same search that another user has previously run, but in a different time period?

av_ · ‎03-20-2024

@marnall @Not really, it’s like if I’m running the search for last 24 hrs, I’d like to see the data for now()+1d.

marnall · ‎03-21-2024

Probably the best thing for that, as bowesmana suggested, is the predict command, which would estimate what the data may look like in the future based on its behavior in the past.

Unless you have data with timestamps in the future, you can't actually look at future data. now()+1d should be empty.

Log searching Splunk

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

Analytics Workspace deprecation

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Join the Conversation