Solved: Select Time Range

laudai · ‎04-24-2017

He guys
I have 2 years data

how do I get the Specify time ranges
e.g. from 6am to 12pm every days

Thanks for your answer.

dineshraj9 · ‎04-24-2017

Just restrict the inbuilt date_hour field to values 6 - 12

index=<your_index> | where date_hour>=6 and date_hour<=12

gcusello · ‎04-24-2017

Hi laudai,
in you search insert the following condition:
your_search date_hour>5 | ...

Bye.
Giuseppe

dineshraj9 · ‎04-24-2017

Just restrict the inbuilt date_hour field to values 6 - 12

index=<your_index> | where date_hour>=6 and date_hour<=12

niketn · ‎04-24-2017

I would actually pipe to base search rather than additional where clause for two reasons:

1) Filtering records upfront in base search is faster.
2) search fieldName=value is faster than where fieldname=value

index=<your_index> date_hour>=6 and date_hour<=12

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

laudai · ‎04-24-2017

Is there has column name date_hour ? I can't use this search so I use Regular Expression

dineshraj9 · ‎04-24-2017

date_* default fields are not available for all sources, for instance they are not present for Windows event logs.

You can try creating the field like below and then filter -

| eval date_hour=strftime(_time,"%H") | where date_hour>=6 and date_hour<=12

laudai · ‎04-24-2017

Thanks for your answer.

Select Time Range