Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Search 2 date fields and find amount of days minus weekend days

nathbe01
Explorer
‎03-03-2020 08:45 PM

Hello, I need to formulate a search there I have 2 date fields one is START_TIME 2020-02-28 19:19:58.0 other field is END_TIME 2020-03-03 19:19:58.0. What I need to do is find out is the START_TIME is before the weekend and the END_TIME is after the weekend. And chart my results based on that including other fields. I only want results where the START_TIME is before the weekend and the END_TIME is after the weekend. Events where the START_TIME and the END_TIME and before or during the weekends can be excluded.

For examples START_TIME is 2020-02-28 19:19:58.0 but END_TIME is 2020-02-2919:19:58.0 would not count as it was started and ended during the weekend. I only want events started before and ended after the weekend to count. Any help would be appreciated

Tags (1)
0 Karma
Reply

nathbe01
Explorer
‎03-03-2020 08:46 PM

I should add, I have to go by START_TIME and END_TIME as the standard _Time for the event will not be accurate as these events update every 15 minutes so only the START_TIME and END_TIME fields give accurate times

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...