×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
ebele
New Member
Member since: ‎10-05-2019
‎09-08-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎10-05-2019
Activity Feed
View All

Re: lookup csv file contains multiple occurrences ...

by in Getting Data In
‎10-02-2020 03:41 AM
‎10-02-2020 03:41 AM
Hi ebele, you have epoch timestamps in your sample data. If you want the the timestamps to display as human readable dates, use an   ... | eval human_earliest=strftime(earliest_date,"%c") | ...    If you have a dashboard with a time range picker that populates a token called "time_selection" and would like to  have your search to deliver only the events in the selected time range add the following to your search:   ...| where earliest_date>=$time_selection.earliest$ AND latest_date<$time_selection.latest$ | ...   Last, but not least, if you would like to honor the timestamps in your standard search bar, using the standard time selector on the right of the splunk search field... add the following to your search: ...| addinfo | where earliest_time>=info_min_time AND latest_time<info_max_time | ... I assume that you only want those KPIs that have both, the earliest and the latest time inside the time range. You may need to tweak that to meet your requirements. Hope it helps, Oliver ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎09-08-2020 10:31 AM