Splunk Search

USe time range in Search

Path Finder

Hi - i have used time range in my adv-xml number of time using earlies and latest and defining range
but one of the module i am using is



max
range

AVAILABLITY
%
result
source="XYZ | search name != null | stats avg(avail) by name

<param name="linkView">Template_Table</param>
    </module>   

I want to use linksearch for a defined time - but do not know where to define the time range for example i want to call linksearch/search only for last 4 hrs or last 24 hrs
I tried following but do not work

source="XYZ | search name != null | stats avg(avail) by name | earliest=-4h latest=-1h

What should be right syntax to call time based search in link search

0 Karma
1 Solution

SplunkTrust
SplunkTrust

I believe the linkSearch parameter should be a search query as you would enter it in the search box, which means the time range would not be downstream. Try '<param name="linkSearch">source="XYZ" earliest=-4h latest=-1h | search name != null | stats avg(avail) by name</param>'.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

SplunkTrust
SplunkTrust

I believe the linkSearch parameter should be a search query as you would enter it in the search box, which means the time range would not be downstream. Try '<param name="linkSearch">source="XYZ" earliest=-4h latest=-1h | search name != null | stats avg(avail) by name</param>'.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post