Solved: Time Snapping to the nearest day & Time Charting

marquiselee · ‎01-17-2013

I have a script that runs overnight everyday checking for 404 errors against a list of files. Each attempt to access the file is timestamped and marked successful or not_found. The script begins at around 9PM (give or take a couple of hours) and takes 6-8 hours to finish.

The issue I'm having is time charting for a week and beyond.

While the script may have started last night I need to have those results aggregated with the rest of the results and count as "Today's" results.

Is there a way to make the results 'snap' to the closest day?

e/g a 9PM or 11PM result on 1/17 would snap to 1/18 (12:01 AM) on the time chart AND a 3AM or 5 AM result on 1/18 would also snap to 1/18 (12:01 AM) on the time chart.

I hope this description makes sense.

jonuwz · ‎01-17-2013

Yes.

If you add 12 hours then round down, you'll snap to the nearest day.

The code would be :

... | eval _time=_time+(12*60*60) | bin _time span=1d | ...

View solution in original post

jonuwz · ‎01-17-2013

Yes.

If you add 12 hours then round down, you'll snap to the nearest day.

The code would be :

... | eval _time=_time+(12*60*60) | bin _time span=1d | ...

marquiselee · ‎01-18-2013

like a glove! thnx

Time Snapping to the nearest day & Time Charting

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!