Splunk Search

Splunk Query help to find time difference

Path Finder

For last 30 days(which i will select in time filter) I would like to get the count of field X only if it is older than 7days from current time.

0 Karma


Doesn't this work for you?

index=<yourindex> earliest=-30d latest=-7d | stats count(X)
0 Karma
Get Updates on the Splunk Community!

Get ready to show some Splunk Certification swagger at .conf24!

Dive into the deep end of data by earning a Splunk Certification at .conf24. We're enticing you again this ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Now On-Demand Join us to learn more about how you can leverage Service Level Objectives (SLOs) and the new ...

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...