Solved: how to search only for current date?

sfatnass · ‎09-27-2016

hi,

i need to know what i should insert into latest_time and earliest_time to specify search only for current day

sfatnass · ‎09-27-2016

i solved it just attribute earliest_time=@d not need latest_time thx for reply

sfatnass · ‎09-27-2016

i solved it just attribute earliest_time=@d not need latest_time thx for reply

jkat54 · ‎09-27-2016

You might also be interested in _index_earliest=-@d

sfatnass · ‎09-27-2016

no just get logs only for today

inventsekar · ‎09-27-2016

For example, to start your search an hour ago use either of the following time modifiers.

earliest=-h

For current day,

earliest=-d latest=now

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

sfatnass · ‎09-27-2016

earliest=-d latest=now

get one day (24) i tryed it but he count since:
earliest=09/26/2016 15:09:00 latest=09/27/2016 15:09:00

but i need only the current day:

earliest=09/27/2016 00:00:00 latest=09/27/2016 15:09:00

inventsekar · ‎09-27-2016

@d-2h Snap to the beginning of today (12AM) and subtract 2 hours from that time.

Please try
earliest=-d@d latest=now

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

Walt_Splunk · ‎09-27-2016

how to search only for current date?