×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
pstout2
Loves-to-Learn
Member since: ‎04-11-2022
‎01-06-2023
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎04-11-2022
Topics I've Started
No posts to display.
View All

Re: how to remove null entries from search results

by in Splunk Search
‎12-26-2022 06:08 AM
‎12-26-2022 06:08 AM
Remember, search is used to compare fields to literals whereas where is used to compare fields to fields or expressions. Sometimes both work. Sometimes not. | search Time_MS>0 | where isnotnull(Time_MS)   ... View more

Re: How to find difference of date in same table a...

by in Monitoring Splunk
‎12-26-2022 06:00 AM
‎12-26-2022 06:00 AM
You want to use the delta search command. First, invert the sort order otherwise your maintenance mode entry will have nothing against which it can compare. This assumes the dates in epoch time as your example suggests. Then,  use the delta command a=on the date field. Remember, because you inverted the order these numbers will now be negative. Finally, search for anything older than 2 days (86400s * 2) and not 0.  Here's a straw man search: | index=<your_index> sourcetype=<your_sourcetype> | sort - date | delta date AS date_diff | search date_diff < 172800 AND date_diff != 0   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎01-06-2023 09:07 AM