Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

search the request if only it presents in certain date range

gowithwind22
New Member
‎02-25-2018 04:50 PM

I have a field called "request", I want to output all the log lines in history if the request value presents in certain date range. for example.

1/1/2018 10:00:00 x0
1/2/2018 11:00:00 x1
1/3/2018 10:00::00 x2
1/5/2018 10:00:00 x2
1/5/2018 11:00:00 x5

if 1/5/2018 if the date range, only x2, x5's history will return. Any idea how to do that?
PS: in the real world, the records' number is very large , there may be millions before the 1/1/2018 to the 1/5/2018.

Tags (1)
0 Karma
Reply

ddrillic
Ultra Champion
‎02-25-2018 05:19 PM

You can add to the query the following - earliest=1503982800&latest=1504760400. Please use the following for converting a date to an epoch time - Epoch & Unix Timestamp Conversion Tools

0 Karma
Reply

gowithwind22
New Member
‎02-25-2018 05:52 PM

my expected result is:
1/3/2018 10:00::00 x2
1/5/2018 10:00:00 x2
1/5/2018 11:00:00 x5

not 1/5/2018 10:00:00 x2
1/5/2018 11:00:00 x5

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...