Hello,
We have a few types of logs generated with different time zones. Are there any ways Splunk can modify the time zones associated with the log entries to one time zone (EST) so we can map a...
...r 4 days if I get the information. By discard it is because of the time it is taking, I don't know if I'm wrong but there is some configuration that limits a maximum time in seconds until it g...
...atest modifiers on search in the second search. The following 3 searches work fine and return results throughout the week:
host=x
host=x earliest=-7d
host=x earliest=-7d | search *
Hi, as you can see I use a base search in order to display two single panels, one on the last 24 h and one on the last 7 days, so for the second panel I need to put the time range on the l...
Hello, How to modify _time when running summary index on a scheduled search? Please suggest. I appreciate your help. Thank you. When running summary index on a scheduled search, by default, _...
Hello - I was reading this: https://docs.splunk.com/Documentation/SCS/current/Search/Timemodifiers But it is not very clear to me how to use the time modifiers properly. in...
...onditions. The search that I am trying is something like as shown below, but there are multiple hosts and it is not working for a single host and I need to change thresholds based on time of that p...
Hey everyone,
I've got a query here that I'm using to find values over 3 different periods of time. Today, yesterday and two days ago. I've made this query into a report and attached it to a d...
I have a dropdown selection for a Policy field. I want to be able to modify the search time based on the policy selected in the dropdown.
The drop down has 3 static options and depending on what i...
...ow.
Is it possible to do this with only one "search" ?
Today I use 2 searches which are the same instead the time-modifiers:
For the week-end view:
earliest_time = @w1-2d-6h
l...