cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
djcascione
Explorer
Member since: ‎08-22-2022
‎12-22-2022
Community Statistics
Posts 3
Solutions 1
Karma Given 0
Karma Received 0
Member Since ‎08-22-2022
Activity Feed
View All

Re: BST ( British Summer Time) Search Time Interva...

by in Splunk Search
‎08-29-2022 12:01 PM
‎08-29-2022 12:01 PM
Thanks for the help! I have it up and running with this SPL: index=my_index | eval year=strftime(_time,"%Y") | lookup bst_lookup.csv year OUTPUTNEW date_sunday | stats values(*) as * max(date_sunday) as maxdate min(date_sunday) as mindate latest(_time) as time by field | eval isbst=if(time>mindate AND time<maxdate , 1,0) | eval date_hour_max=19+isbst, date_hour_min=7+isbst | search (date_hour<date_hour_min) OR (date_hour>date_hour_max) ... View more

Re: BST ( British Summer Time) Search Time Interva...

by in Splunk Search
‎08-23-2022 03:48 AM
‎08-23-2022 03:48 AM
Id like the search to use the lookup table to adjust the search time interval window. During BST the logs displayed will be within the time range 19:00 & 7:00. Outside of BST, the search needs to adjust and search between the hours of 20:00 & 8:00.  I'll later use this to trigger an alert based on criteria in the logs ( example - user logging in after hours). ... View more

How to create a search for BST ( British Summer Ti...

by in Splunk Search
‎08-22-2022 07:54 PM
‎08-22-2022 07:54 PM
Hi  I have a SPL query that needs to adjust at search time when we are falling in and out of BST.  During BST, the search has to search between the hours of 19:00 & 7:00. Outside of BST, the search needs to adjust and search between the hours of 20:00 & 8:00.  I have created a lookup where I capture the dates of when BST starts and stops. I have also created the logic max date and min date to identify the Sundays that start and end BST. This part is working I need help to complete the search to filter results where if the date is outside of BST, to adjust from 19:00-7:00 search window to the 20:00 - 8:00   search window.   index=my_index | eval year=strftime(_time,"%Y") | lookup bst_lookup.csv year OUTPUTNEW date_sunday | stats values(*) as * max(date_sunday) as maxdate min(date_sunday) as mindate latest(_time) as time by field | eval isbst=if(time>mindate AND time<maxdate , 1,0)     Thanks! ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎12-22-2022 09:46 AM