Dashboards & Visualizations

Searching events that occur within a time range but across all days

wbordeau
Explorer

I see how I can use absolute time ranges to filter my searches but what I'm trying to do is get back results for say all events that occur between 1:00AM to 2:00AM every day not just between some custom start and end times.

Is this possible? And if so, can you provide some example search filters?

Thanks!

0 Karma

Ayn
Legend

Please don't post updates to your question as answers, that way it looks like your question is already answered.

Splunk automatically creates a number of date_* fields for most sources, including date_hour. You can use this field to filter the results in the way you want.

date_hour>=1 AND date_hour<=2

wbordeau
Explorer

I found in another thread I could do the following if you want to filter for interesting traffic that tends to occur in the first 10 minutes of any hour.

sourcetype="udp:514" host="x.x.x.x" * keywords AND date_minute < 10

0 Karma
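Putting the date_hour answer and the date_minute search above together, here is an added worked example that is not from this thread. Two things are worth knowing before relying on the date_* fields: they are taken from the timestamp text as it appears in the raw event, so they are not adjusted to the search user's time zone and are missing when Splunk assigned the event time from index time rather than parsing it; and a whole-hour comparison like date_hour>=1 AND date_hour<=2 matches the 2 o'clock hour as well (02:00 to 02:59), so a strict 01:00 to 02:00 window is date_hour=1. The search below avoids both issues by computing seconds since local midnight from _time with relative_time(), which follows the user's time zone and also works for windows that do not start on the hour. The sample events are constructed with makeresults so the search can be pasted into any search bar; the field names ts and tod are arbitrary names chosen for this example.

```spl
| makeresults
| eval sample="2024-03-01 00:59:59 host=fw1 action=blocked,2024-03-01 01:00:00 host=fw1 action=blocked,2024-03-01 01:30:00 host=fw1 action=blocked,2024-03-01 02:00:00 host=fw1 action=blocked,2024-03-02 01:15:00 host=fw1 action=blocked"
| makemv delim="," sample
| mvexpand sample
| eval _raw=sample
| rex field=_raw "^(?<ts>\S+ \S+)"
| eval _time=strptime(ts, "%Y-%m-%d %H:%M:%S")
| eval tod=_time - relative_time(_time, "@d")
| where tod>=3600 AND tod<7200
| table _time _raw tod
```

Of the five constructed events, three survive the filter (01:00:00 and 01:30:00 on the first day, 01:15:00 on the second day); 00:59:59 and 02:00:00 are excluded because tod uses an inclusive lower bound and an exclusive upper bound. On real data, replace everything before the rex line with the base search from the thread, for example sourcetype="udp:514" host="x.x.x.x", and drop the eval of _time, since indexed events already have it; the date_* shortcut for the same window is simply sourcetype="udp:514" host="x.x.x.x" date_hour=1, and the first-ten-minutes search is the one already posted, date_minute<10, subject to the time zone caveat above. A window of 01:30 to 02:15 is tod>=5400 AND tod<8100, which is not expressible with date_hour alone.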

wbordeau
Explorer

I wonder if a RegEx would work.

0 Karma