About rlincoln

rlincoln · ‎12-12-2016

Despite the potential risk of inconsistency this solution did resolve the issue I was having, thank you for help with this!

rlincoln · ‎12-12-2016

While I understand the risk of inconsistency here without a better solution being presented I must move forward with the solution I currently have. Thank you for your input and I appreciate the time you took to provide me with this information. I will move forward and attempt to devise a solution that does not involve the date_hour and date_wday functions.

rlincoln · ‎12-08-2016

I have this real-time query with a 12 week back fill: host="<some host>" OR host="<some other host>" "<some search text to key on>" [ | stats count | eval date_hour=strftime(now(),"%H") | eval date_wday = lower(strftime(now(),"%A")) | fields - count ] | bucket _time span=1h | stats count by _time What is happening is every day this query will not return any results after 23:59 and before 10:00 AM. As soon as the time rolls over to 10:00 I can refresh and the search will have the expected results and works correctly for the remainder of the day until midnight. It seems that there is an issue with strftime(now(),"%H") when the time starts with a 0. I tried changing the %H to %k and %I but neither helps the search work properly before 10 AM. I can manually type in the hour into the query and get the correct result but using the function the query returns no results. Does anyone have any thoughts on what I might be doing wrong here? Thanks!

Posts	3
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎11-28-2016

Online Status	Offline
Date Last Visited	‎06-05-2020 02:04 AM

Why does my strftime search not work between midni...

Re: Why does my strftime search not work between m...

Re: Why does my strftime search not work between m...

Why does my strftime search not work between midni...