For yesterday's results we give the earliest and latest as below
earliest=-1d@d latest=@d
Similarly, what could be the earliest and latest for day before yesterday, 2 days before yesterday, 3 days before yesterday and so on?
Just build on that..
earliest=-1d@d latest=@d
earliest=-2d@d latest=-1d@d
earliest=-3d@d latest=-2d@d
...
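The pattern in the answer above, generalised to any number of days back and resolved to concrete timestamps. This is an added example, not part of the original thread and not Splunk's own code. `resolve` and `day_window` are hypothetical helper names, the parser covers only the `s`, `m`, `h` and `d` units, and the sample "now" is constructed.

```python
import re
from datetime import datetime, timedelta

# Units handled by this sketch (assumption: s/m/h/d only; other Splunk units are left out).
_UNITS = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days"}
# Fields reset to zero when snapping ("@unit") down to the start of that unit.
_SNAP = {
    "s": {"microsecond": 0},
    "m": {"second": 0, "microsecond": 0},
    "h": {"minute": 0, "second": 0, "microsecond": 0},
    "d": {"hour": 0, "minute": 0, "second": 0, "microsecond": 0},
}
_MODIFIER = re.compile(r"^(?:([+-])(\d*)([smhd]))?(?:@([smhd]))?$")


def resolve(modifier, now):
    """Resolve a relative time modifier such as '-2d@d' against a fixed 'now'."""
    if modifier == "now":
        return now
    match = _MODIFIER.match(modifier)
    if not modifier or not match:
        raise ValueError(f"unsupported time modifier: {modifier!r}")
    sign, count, unit, snap = match.groups()
    t = now
    if unit:  # apply the offset first ...
        delta = timedelta(**{_UNITS[unit]: int(count) if count else 1})
        t = t + delta if sign == "+" else t - delta
    if snap:  # ... then snap down to the start of the unit
        t = t.replace(**_SNAP[snap])
    return t


def day_window(days_ago):
    """Return the (earliest, latest) pair for the full day 'days_ago' back (1 = yesterday)."""
    if days_ago < 1:
        raise ValueError("days_ago must be 1 or greater")
    latest = "@d" if days_ago == 1 else f"-{days_ago - 1}d@d"
    return f"-{days_ago}d@d", latest


if __name__ == "__main__":
    now = datetime(2024, 3, 15, 10, 37, 12)  # constructed sample "now"
    for n in range(1, 4):
        earliest, latest = day_window(n)
        print(f"earliest={earliest} latest={latest}",
              resolve(earliest, now), "->", resolve(latest, now))
```

Each window's `latest` resolves to the same instant as the next newer window's `earliest`, so consecutive days line up with no gap and no overlap.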
How can I do similarly for a certain time range?
I want to run my query every 5 minutes and every 15 minutes (I have 2 different queries).
How can I get results for the past 5 minutes, and how can I get results for the past 15 minutes, using "earliest= latest=" parameters?
Hey @chow11, since this is an older post you might want to create a new question. Here's some info on how to ask a question http://docs.splunk.com/Documentation/Splunkbase/splunkbase/Answers/Questions