Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Real Time search for Today()

EricksonOng
Explorer
‎04-24-2012 10:23 AM

hi,

it is possible to do a real time search for today?
for the saved searches or reports, we can actually do a @d - now

if i would to do a rt-d that would actually bring me the result time result that will be in last 24 hours instead.

Tags (2)
0 Karma
Reply

jonuwz
Influencer
‎08-27-2012 03:36 AM

This is not ideal, since it requires a new event to come through to 'refresh' the display

Set up your real-time search for the last 24 hours, then filter it through something like this

.... | eval interval=relative_time(_time,"@d") | eventstats latest(interval) as latest_interval | where interval == latest_interval AND latest_interval == relative_time(time(),"@d") |  ...

This'll only display events for the current day.

John

0 Karma
Reply

EricksonOng
Explorer
‎08-27-2012 12:57 AM

more or less this is for monitoring display.
the dashboard should be monitoring several metrics for violation.
however, this should be reset on a daily basis such that, when the next 24 hour shift takes over. it should already been cleared off instead of still showing up.

0 Karma
Reply

Ayn
Legend
‎08-27-2012 01:27 AM

afaik this is currently not supported. There have been a number of requests to implement this functionality - let's hope it makes it into a future release at some point.

Reply

sdaniels
Splunk Employee
Splunk Employee
‎04-24-2012 10:40 AM

What are you looking to accomplish with a 'today' time range for real time. Maybe that will help us answer your question.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...