cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
rleviseur01
New Member
Member since: ‎05-18-2020
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-18-2020
View All

Re: How to get a report on time range windows from...

by in Splunk Search
‎05-19-2020 06:15 AM
‎05-19-2020 06:15 AM
So apiStartTime and apiEndTime are the beginning and end of the search window? The searches from DMC don't provide the search windows which is what I need. If the two fields above are the search window constraints, then I can build a search off of those to calculate the time difference between them and report that window. That's what I did yesterday, but thought I was doing something wrong since I was getting all sorts of odd search windows that don't align to the presets. Things like X minutes and random # of seconds. Rounding these to whole numbers I see a lot of things like 61 minutes or 91 days or 0 minutes. Seemed very odd and had me thinking these fields weren't the right fields for the search window. ... View more

How to get a report on time range windows from _au...

by in Splunk Search
‎05-18-2020 09:28 AM
‎05-18-2020 09:28 AM
I need to get a report of search windows used in historical search activity. For example, we need to determine how far back are users typically searching against (last 24 hours, last 7 days, more than 90 days ago, etc). I'm familiar with the DMC dashboards, which don't provide the search window of the searches it reports on, and familiar with the logs in the _audit index which might be my best bet. Is there documentation explaining what the different time fields are in index=_audit action=search ? Or is there another way to get a report of how often each search window/time frame is used over a given period? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM