Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

need time fields extracted as start and end time

venky1544
Builder
‎07-12-2023 04:37 AM

1q) i have my search starting with earliest=-1mon latest=now()

i want to get the dates as startdate = earliest and end date = latest and caluclate the number of days between them 

2Q) Also when we use timeticker how can i get the start and end time as fields in the search when we use option like last 7 days

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎07-12-2023 04:55 AM

You can use addinfo to return the info_min_time and info_max_time fields from which you can do your calculations.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...