×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
ran_deep
New Member
Member since: ‎05-18-2023
‎05-18-2023
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-18-2023
Activity Feed
View All

Re: How to search for records between respective t...

by SplunkTrust in Splunk Search
‎05-18-2023 07:08 AM
‎05-18-2023 07:08 AM
The search command cannot handle a field ("variable") name on both sides of the operator.  Use where, instead. index=ovpm sourcetype=ovpm_global | search "Service Name" = "WSB EXPRESS" | eval region = case(substr(SYSTEMNAME, 1, 2) == "my", "AP", substr(SYSTEMNAME, 1, 2) == "cz", "EU", substr(SYSTEMNAME, 1, 2) == "us", "AM", true(), "Other") | eval regionStartHour = tonumber(case(substr(SYSTEMNAME, 1, 2) == "my", 0, substr(SYSTEMNAME, 1, 2) == "cz", 8, substr(SYSTEMNAME, 1, 2) == "us", 16, true(), 0)) | eval regionEndHour = tonumber(case(substr(SYSTEMNAME, 1, 2) == "my", 8, substr(SYSTEMNAME, 1, 2) == "cz", 16, substr(SYSTEMNAME, 1, 2) == "us", 24, true(), 0)) | eval hr = strftime(_time, "%H") | where hr>=regionStartHour AND hr<=regionEndHour ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎05-18-2023 10:14 AM