Dashboards & Visualizations

How to define a custom range picker for day shifts (6AM to 6PM) and night shifts (6PM to 6AM)?

rapmancz
Explorer

Hello,

I am using Splunk in a 24/7 factory production floor.

I need to define a custom time range picker for all day shifts (6AM to 6PM) and night shifts (6PM to 6AM).

I am able to define it for one shift like @d-18h (yesterday 6AM) to @d-6h (yesterday 6PM). But how to define for example this week all days 6AM to 6PM?

0 Karma

sundareshr
Legend

You could have 2 options. One a dropdown for day vs night and the other for timerange (Last 7 days etc). Then in your search, you could do like this

index=xyz earliest=$timerange.earliest$ latest=$timerange.latest$ | eval hod=strftime(_time, "%H") | eval shift=if(hod>=6 AND hod<=18, "day", "night") | where shift=$shiftselection$ | ...
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...