Solved: Re: What time modifiers do I need to look at 1 hou...

HattrickNZ · ‎08-16-2015

I want to just look at 1 hour for yesterday, but I want it to be relative to today so no matter when I look at it in the future it will always be yesterday.

So if I look at it today it will show yesterdays value at 12pm to 1pm
And if I look at it next week it will show the day before that day at 12pm to 1pm

I am thinking of something like -1d@d for the earliest and @d for the latest but how do i get the hour I want?

grijhwani · ‎08-16-2015

-1d@h to -23h@h

You can use any of the units for range as as your "snap to" boundaries.

View solution in original post

grijhwani · ‎08-16-2015

-1d@h to -23h@h

You can use any of the units for range as as your "snap to" boundaries.

HattrickNZ · ‎08-16-2015

will that work? will that not always be 23hours ago from your current hour. I want same hour for yesterday all the time.

grijhwani · ‎09-05-2015

I just had another thought, it could also be specified as @d-12h to @d-11h.

grijhwani · ‎08-16-2015

So what you are saying is that you will always want the hour 12:00..13:00 of the previous day.

OK, so that should be -d@d+12h to -d@d+13h.

You can add and subtract offsets after the snap.

What time modifiers do I need to look at 1 hour of data for yesterday relative to today?

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard

Are you a member of the Splunk Community?

What time modifiers do I need to look at 1 hour of data for yesterday relative to today?

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard