I have a scenario where I'm getting N results for a last-60-minutes Splunk search like below (5:00 PM to 06:00 PM).
2022-08-02 17:59:45.203 CCL220727468
2022-08-02 17:59:40.555 CCL220711461
2022-08-02 17:59:34.985 CCL220727468
2022-08-02 17:59:22.080 CCL220727468
2022-08-02 17:59:02.638 CCL220727468
2022-08-02 17:14:02.734 CCL220707460
2022-08-02 17:11:29.456 CCL220729470
2022-08-02 17:04:52.780 CCL220729470
In that, I need to exclude the events close to the end time (e.g. I need to exclude the events with timestamp > 05:55 PM. The events at the edge of the search end time are not required). This is for setting up an alert which shows the number of events in the last 60 min.