×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
coreytoast
Explorer
Member since: ‎09-04-2022
‎09-13-2022
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎09-04-2022
View All

Re: How can I split Splunk query into time ranges?

by in Splunk Search
‎09-13-2022 07:02 AM
‎09-13-2022 07:02 AM
This worked perfectly, thank you so much ... View more

Re: How can I split splunk query into time ranges?

by in Splunk Search
‎09-06-2022 03:05 AM
‎09-06-2022 03:05 AM
I have updated my question to give more context ... View more

Re: How can I split splunk query into time ranges?

by in Splunk Search
‎09-06-2022 02:58 AM
‎09-06-2022 02:58 AM
updated question ... View more

How can I split Splunk query into time ranges?

by in Splunk Search
‎09-04-2022 01:55 PM
‎09-04-2022 01:55 PM
Hi Everyone, If I am searching through the past 4 weeks in one query, how can I break this data into two columns, one for previous 2 weeks, and one for latest 2 weeks, then sort by Latest 2 weeks? In general, im using stats to display the amount of objects affected by errors occurring  in a 4 week period but would like to see them displayed in two 2 week periods, sorted by the amount in the latest 2 weeks. | stats dc(objects) as OBJ by errorMessage | span -OBJ   CURRENT OUTPUT   ERROR MESSAGE OBJ message 1 1792 message 2 1210 message 3 957     DESIRED OUTPUT ERROR MESSAGE LATEST 2 WEEKS PREVIOUS 2 WEEKS message 1 967 825 message 2 872 666 message 3 103 854   Thanks all, Corey ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎09-13-2022 01:08 PM
Karma given to
View All