How to specific time range in my search results

AL3Z · ‎03-23-2023

Hi all,

How to give the range to that first and last if the date is in between last 3weeks till today which matches to first or last in the below splunk query.

| eval first = strptime(first_detected, "%Y-%m-%dT%H:%M:%S.%3N%Z"),
last= strptime(last_detected, "%Y-%m-%dT%H:%M:%S.%3N%Z")

Thanks..

sphiwee · ‎06-04-2024

I managed to solve it by looking at splunk doc and noticing i was using the wrong flags

# configuring Splunk

msiexec.exe /i "C:\Installs\SplunkInstallation\splunkforwarder-9.2.0.1-d8ae995bf219-x64-release.msi" SPLUNKUSERNAME=admin SPLUNKPASSWORD=**** DEPLOYMENT_SERVER="********:8089" AGREETOLICENSE=Yes /quiet

AL3Z · ‎03-23-2023

@richgalloway @gcusello

Here my search should calculate what is there in between if the first matches to that or last matches to particular range from last 3 weeks to till todaysdate..

gcusello · ‎03-23-2023

Hi @AL3Z ,

using my search you have the earliest and the latest timestamp in your results, then you can add all the information you need in the stats command.

Ciao.

Giuseppe

richgalloway · ‎03-23-2023

Please tell us more about your use case. What are the desired results?

---
If this reply helps you, Karma would be appreciated.

gcusello · ‎03-23-2023

Hi @AL3Z ,

please try something like this:

<your_search>
| stats earliest(_time) AS earliest latest(_time) AS latest
| eval earliest=strftime(earliest, "%Y-%m-%dT%H:%M:%S.%3N%Z"),
latest=strptime(latest, "%Y-%m-%dT%H:%M:%S.%3N%Z")

Ciao.

Giuseppe

How to specific time range in my search results

eval

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability