Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Real Time search for Today()

EricksonOng
Explorer
‎04-24-2012 10:23 AM

hi,

it is possible to do a real time search for today?
for the saved searches or reports, we can actually do a @d - now

if i would to do a rt-d that would actually bring me the result time result that will be in last 24 hours instead.

Tags (2)
0 Karma
Reply

jonuwz
Influencer
‎08-27-2012 03:36 AM

This is not ideal, since it requires a new event to come through to 'refresh' the display

Set up your real-time search for the last 24 hours, then filter it through something like this

.... | eval interval=relative_time(_time,"@d") | eventstats latest(interval) as latest_interval | where interval == latest_interval AND latest_interval == relative_time(time(),"@d") |  ...

This'll only display events for the current day.

John

0 Karma
Reply

EricksonOng
Explorer
‎08-27-2012 12:57 AM

more or less this is for monitoring display.
the dashboard should be monitoring several metrics for violation.
however, this should be reset on a daily basis such that, when the next 24 hour shift takes over. it should already been cleared off instead of still showing up.

0 Karma
Reply

Ayn
Legend
‎08-27-2012 01:27 AM

afaik this is currently not supported. There have been a number of requests to implement this functionality - let's hope it makes it into a future release at some point.

Reply

sdaniels
Splunk Employee
Splunk Employee
‎04-24-2012 10:40 AM

What are you looking to accomplish with a 'today' time range for real time. Maybe that will help us answer your question.

0 Karma
Reply
Get Updates on the Splunk Community!

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to Officially Supported Splunk ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI! Discover how Splunk’s agentic AI ...