×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
djcascione
Explorer
Member since: ‎08-22-2022
‎07-25-2025
Community Statistics
Posts 3
Solutions 1
Karma Given 0
Karma Received 0
Member Since ‎08-22-2022
Activity Feed
View All

Re: BST ( British Summer Time) Search Time Interva...

by in Splunk Search
‎08-29-2022 12:01 PM
‎08-29-2022 12:01 PM
Thanks for the help! I have it up and running with this SPL: index=my_index | eval year=strftime(_time,"%Y") | lookup bst_lookup.csv year OUTPUTNEW date_sunday | stats values(*) as * max(date_sunday) as maxdate min(date_sunday) as mindate latest(_time) as time by field | eval isbst=if(time>mindate AND time<maxdate , 1,0) | eval date_hour_max=19+isbst, date_hour_min=7+isbst | search (date_hour<date_hour_min) OR (date_hour>date_hour_max) ... View more

Re: BST ( British Summer Time) Search Time Interva...

by in Splunk Search
‎08-23-2022 03:48 AM
‎08-23-2022 03:48 AM
Id like the search to use the lookup table to adjust the search time interval window. During BST the logs displayed will be within the time range 19:00 & 7:00. Outside of BST, the search needs to adjust and search between the hours of 20:00 & 8:00.  I'll later use this to trigger an alert based on criteria in the logs ( example - user logging in after hours). ... View more

How to create a search for BST ( British Summer Ti...

by in Splunk Search
‎08-22-2022 07:54 PM
‎08-22-2022 07:54 PM
Hi  I have a SPL query that needs to adjust at search time when we are falling in and out of BST.  During BST, the search has to search between the hours of 19:00 & 7:00. Outside of BST, the search needs to adjust and search between the hours of 20:00 & 8:00.  I have created a lookup where I capture the dates of when BST starts and stops. I have also created the logic max date and min date to identify the Sundays that start and end BST. This part is working I need help to complete the search to filter results where if the date is outside of BST, to adjust from 19:00-7:00 search window to the 20:00 - 8:00   search window.   index=my_index | eval year=strftime(_time,"%Y") | lookup bst_lookup.csv year OUTPUTNEW date_sunday | stats values(*) as * max(date_sunday) as maxdate min(date_sunday) as mindate latest(_time) as time by field | eval isbst=if(time>mindate AND time<maxdate , 1,0)     Thanks! ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎07-25-2025 10:12 AM