Splunk Search

between earliest=beginning of the previous day (00:00:00) latest=end of previous day (23:59:59)

jclemons7
Path Finder

I need a way to programatically calculate the beginning of the previous day and the end of he previous day.

Any help is greatly appreciated.

0 Karma

somesoni2
SplunkTrust
SplunkTrust

How about using the relative time (hoping the programmatically in splunk search is asked here)

your base search earliest=-1d@d latest=@d

jclemons7
Path Finder

does that actually put it at 00:00:00 to 23:59:59 for instance?.. it's not relative to the time I run the query?

0 Karma

somesoni2
SplunkTrust
SplunkTrust

It will put (if I run it today Feb 12 ) earliest=02/11/2016 00:00:00 to latest=02/12/2016 00:00:00.

It relative to the time you runt he query. You can check/test this option from the Splunk's search page itself. In time range picker dropdown, the last section is advanced, there you can test relative time values and can see actual resolved date just below the text boxes.

alt text

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...