Solved: What time modifiers do I use for earliest and late...

pavanae · ‎11-17-2016

For yesterday's results we give the earliest and latest as below

earliest=-1d@d latest=@d

Simillarly, what could be the earliest and latest for day before yesterday, 2 days before yesterday, 3 days before yesterday and so on?

sundareshr · ‎11-17-2016

Just build on that..

earliest=-1d@d latest=@d
earliest=-2d@d latest=-1d@d
earliest=-3d@d latest=-2d@d
...

View solution in original post

sundareshr · ‎11-17-2016

Just build on that..

earliest=-1d@d latest=@d
earliest=-2d@d latest=-1d@d
earliest=-3d@d latest=-2d@d
...

chow11 · ‎08-11-2017

How can i do similarly for certain time range?
I want to run my query for every 5minutes and 15 minutes (i have 2 diff queries).
how can i get results for past 5 minutes and how can i get results for past 15 minutes using "earliest= latest=" parameters.

lfedak_splunk · ‎08-11-2017

Hey @chow11, since this is an older post you might want to create a new question. Here's some info on how to ask a question http://docs.splunk.com/Documentation/Splunkbase/splunkbase/Answers/Questions

What time modifiers do I use for earliest and latest for day before yesterday, 2 days before yesterday, 3 days before yesterday, and so on?

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Join the Conversation

What time modifiers do I use for earliest and latest for day before yesterday, 2 days before yesterday, 3 days before yesterday, and so on?

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...