Hello everyone, I am having trouble getting my searches to run from 12:00 AM Sunday morning to 11:59:59 PM on Saturday night (1 week). I want these reports to run every week, but I am not sure what to put in the manager under where it has a start and an end time under the search query. Any help would be appreciated. Thank you.
These should serve as useful inspiration:
http://docs.splunk.com/Documentation/Splunk/5.0/Search/Selecttimerangestoapply
http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/SearchTimeModifiers
Something like earliest time -1w@w0, latest time @w6 might be what you want.
Thank you so much.
If you run it the same week, just use @w0. The @ makes it "snap" to that day regardless.
The problem is that the reports are being sent out Wed. at 4 AM, cron = (0 4 * * 3)... so won't it run a week back from that time?
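An added example, not part of the original thread: a small Python model of how the modifiers discussed above resolve when the scheduled search fires on a Wednesday at 04:00. It assumes Splunk's documented behaviour that the offset is applied first, snapping always moves back in time, and the latest bound is exclusive; `resolve`, `window` and `RUN_AT` are hypothetical names, and the run date is constructed.

```python
import re
from datetime import datetime, timedelta

# Models only the subset of Splunk relative-time syntax used in this thread:
# an optional "-<N>w" offset followed by "@w<D>" (w0 = Sunday ... w6 = Saturday).
_MODIFIER = re.compile(r"^(?:-(\d+)w)?@w([0-6])$")


def resolve(modifier: str, now: datetime) -> datetime:
    """Apply the week offset first, then snap back to 00:00 on weekday D."""
    m = _MODIFIER.match(modifier)
    if not m:
        raise ValueError(f"unsupported modifier: {modifier!r}")
    weeks, target = int(m.group(1) or 0), int(m.group(2))
    t = now - timedelta(weeks=weeks)
    # Python counts Monday=0 ... Sunday=6; Splunk counts Sunday=0 ... Saturday=6.
    splunk_dow = (t.weekday() + 1) % 7
    # Snapping never moves forward: step back to the most recent weekday D.
    days_back = (splunk_dow - target) % 7
    snapped = t - timedelta(days=days_back)
    return snapped.replace(hour=0, minute=0, second=0, microsecond=0)


def window(earliest: str, latest: str, now: datetime):
    """Return the (start, end) pair a search would cover; end is exclusive."""
    return resolve(earliest, now), resolve(latest, now)


# Constructed run time: a Wednesday at 04:00, matching cron "0 4 * * 3".
RUN_AT = datetime(2013, 1, 16, 4, 0)

if __name__ == "__main__":
    for e, l in (("-1w@w0", "@w0"), ("-1w@w0", "@w6")):
        start, end = window(e, l, RUN_AT)
        print(f"earliest={e:7} latest={l:4} "
              f"{start:%a %Y-%m-%d %H:%M} -> {end:%a %Y-%m-%d %H:%M}")
```

Under these assumptions, the Wednesday run with `-1w@w0` to `@w0` covers the previous Sunday 00:00 up to, but not including, the most recent Sunday 00:00. With `@w6` as the latest time the window ends at Saturday 00:00, so Saturday's events fall outside it.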