Solved: Re: Splunk Search: Night Events for all days

angelo82 · ‎07-24-2012

Good Morning I'm looking for collect in Splunk Search all nights event logs between 08:00 PM and 07:00 AM

i've done this one:

'sourcetype="WinEventLog:Security" earliest=@d-4h latest=@d+7h`

and it's good only for last night

what should i do to collect this time range for all days?

i'm using Splunk 4.3.3

My Thanks in Advance

Ayn · ‎07-24-2012

Extract the hour from the timestamp, then check events that match your conditions (very similar to what I answered in your other recent question). Something like this:

... | eval date_hour=strftime(_time, "%H") | search date_hour>=20 OR date_hour<7

View solution in original post

Ayn · ‎07-24-2012

Extract the hour from the timestamp, then check events that match your conditions (very similar to what I answered in your other recent question). Something like this:

... | eval date_hour=strftime(_time, "%H") | search date_hour>=20 OR date_hour<7

angelo82 · ‎07-24-2012

also this one works perfectly 🙂
thank you more

Regards
Angelo

Splunk Search: Night Events for all days

User Groups | Upcoming Events!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)