Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to search only for current date?

sfatnass
Contributor
‎09-27-2016 05:42 AM

hi,

i need to know what i should insert into latest_time and earliest_time to specify search only for current day

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sfatnass
Contributor
‎09-27-2016 06:13 AM

i solved it just attribute earliest_time=@d not need latest_time thx for reply

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

sfatnass
Contributor
‎09-27-2016 06:13 AM

i solved it just attribute earliest_time=@d not need latest_time thx for reply

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎09-27-2016 06:20 AM

You might also be interested in _index_earliest=-@d

0 Karma
Reply
Solved! Jump to solution

sfatnass
Contributor
‎09-27-2016 07:12 AM

no just get logs only for today

0 Karma
Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎09-27-2016 06:04 AM

For example, to start your search an hour ago use either of the following time modifiers.

earliest=-h

For current day,

earliest=-d latest=now

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply
Solved! Jump to solution

sfatnass
Contributor
‎09-27-2016 06:10 AM

earliest=-d latest=now

get one day (24) i tryed it but he count since:
earliest=09/26/2016 15:09:00 latest=09/27/2016 15:09:00

but i need only the current day:

earliest=09/27/2016 00:00:00 latest=09/27/2016 15:09:00

0 Karma
Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎09-27-2016 06:13 AM

@d-2h Snap to the beginning of today (12AM) and subtract 2 hours from that time.

Please try
earliest=-d@d latest=now

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply
Solved! Jump to solution

Walt_Splunk
Explorer
‎09-27-2016 05:52 AM

Check out this list of time modifiers in Splunk Docs, https://docs.splunk.com/Documentation/Splunk/6.4.3/Search/Specifytimemodifiersinyoursearch

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...