Solved: Re: Saved Search Start and End Time

shangshin · ‎03-05-2013

Hi,
I would like to run a daily report at 3 AM and the time range should be Start Time 00:00:00 Finish Time 23:59:59. However, I can't find the equivalent time modifier.

I tried to use start time -1d@d but it didn't work unless the search is scheduled at 12 AM sharp.

Please advise the right values to achieve this goal.

emiller42 · ‎03-05-2013

I'm assuming you want the entire previous day from midnight to midnight. That being the case, start time of -1d@d and end time of @d should give you the timeframe you're looking for.

View solution in original post

vincesesto · ‎03-05-2013

Hi shangshin,

Have you tried to set the latest time as well...for example earliest=-1d@d latest=@d as this should get you from 12am to the end of that 24 hour time span.

If not...can you please post the entire search that you are putting in place with an example of the data that you are searching through as this would help with a possible solution.

Regards,

Vince

emiller42 · ‎03-05-2013

I'm assuming you want the entire previous day from midnight to midnight. That being the case, start time of -1d@d and end time of @d should give you the timeframe you're looking for.

Saved Search Start and End Time

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

What’s New in Splunk Observability Cloud: January Feature Highlights & Deep Dives

Join the Conversation

Saved Search Start and End Time

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

What’s New in Splunk Observability Cloud: January Feature Highlights & Deep Dives