Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to write a search for a specific timestamp?

Mubarish
Path Finder
‎08-19-2014 06:18 AM

Hi,
I have my search query which returns a table. In the table, Timestamp is one of my field. Format of the Timestamp field is YYYY/MM/DD HH:MM:SS (i.e) Date(Space)Time
For example
2014/07/10 03:17:44
2014/07/10 03:17:14 etc.
I want to search Timestamp suppose
for example basequery... | search Timestamp = 2014/07/10 03:17:44 , the record with that particular date&time has to display. Since there is a space between date and time, my search shows no result found. How can I search for a specific timestamp?

Tags (2)
0 Karma
Reply

somesoni2
Revered Legend
‎08-19-2014 10:20 AM

Your logs in Splunk should have _time field in epoch format. You can convert your token value to epoch and compare against _time value.

your base search _time=[|gentimes start=-1 | eval search=strptime("YourDateValue","%Y/%m/%d %H:%M:%S" | table search]

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎08-19-2014 06:26 AM

Hi Mubarish,

simply use double quotes around the value like in this run everywhere search command (you must be able to search index=_internal) :

 index=_internal "[19/Aug/2014:15* +0200]"

This will show all event from today (as it is the 19th of August 2014) 3pm

hope this helps ...

cheers, MuS

Reply

pradeepkumarg
Influencer
‎08-19-2014 06:24 AM

Did you try this?

basequery| search Timestamp = "2014/07/10 03:17:44"

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...