@Sandeep007 If you're looking for time ranges within 1-hour periods, you can use e.g. timechart:

sourcetype=access_common status=500
| timechart span=1h earliest(_time) as et latest(_time) as lt range(_time) as duration
| fieldformat et=strftime(et, "%F %T")
| fieldformat lt=strftime(lt, "%F %T")
| fieldformat duration=tostring(duration, "duration")
No. If I check 5XX or 4XX errors, it will show some logs in the hour, in a 5 or 10 min period. Ex: I checked 500 errors from 10pm to 11pm; in that one hour, errors started from 10:15pm to 10:45pm. I want only the period {10:15pm to 10:45pm}, no need for logs. How do I need to write the query for that?