Splunk Search

how to search for a specific a certain minute or second in a each hour over a week/month in one search

msmapper
Path Finder

Hi all,

I would like to create a search that would only look at a certain minute or few seconds on the half hour over a 24hr or longer period. Basically, I want to see all of our log messages that occur at say the 25th and 55th minute every hour for the past day/week/month but I can't figure out what time range I would use.

any ideas would be appreciated.

regards
Jen

0 Karma
1 Solution

jonuwz
Influencer

There's a field called date_minute that you can use.

i.e.

( date_minute=25 OR date_minute=55 )

View solution in original post

0 Karma

msmapper
Path Finder

thanks, this works perfectly

0 Karma

msmapper
Path Finder

thanks, this works perfectly

0 Karma

jonuwz
Influencer

There's a field called date_minute that you can use.

i.e.

( date_minute=25 OR date_minute=55 )

View solution in original post

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!