Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Search time Time-fields

psobisch
Path Finder
‎11-24-2013 09:49 AM

Hello,

I have defined a search macro which is taking 3 arguments: starttime, endtime, (starttime-1y).
This works very well using "gentimes" command.

Well, it is very practical if I want generating summaries of the past, which I did.
But, I'd like to make a search to be scheduled for new events, that means I need such time fields in it based on predefined the scheduled search time fields or even more the time picker.

I tried to discover how where the fields are and what are the names of them (using: table *), but I couldn't find any fields containing time boundaries of the current search.

Any Idea how to get them? Are there any?

Of course I thought about using gentimes in a scheduled search, but I would like to be more flexible, that means, to have the possibility to use the time picker in a manual search.

Do you have any hints for me?

Regards,
Peter

Tags (3)
0 Karma
Reply

chris
Motivator
‎11-24-2013 11:13 AM

Have a look at the addinfo command it will add a info_min_time and a info_max_time field to your current search.

>> Documentation of addinfo

0 Karma
Reply

chris
Motivator
‎11-25-2013 05:32 AM

You're welcome. If this answers your question, can you mark the answer as accepted? There are three benefits if you do: My user will get points, other users who answer questions can focus their energy on unanswered questions and users with a similar question will see that this problem was solved. Thanks

0 Karma
Reply

psobisch
Path Finder
‎11-25-2013 04:59 AM

Thanks! This seems to offer what I'm looking for.

0 Karma
Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...