Splunk Search

How to monitor log time from 22.00 to 8.00?

hiepdv4
New Member

Dear all.

Please support me about monitor and statistics log from 22.00 to 8.00

Thanks

0 Karma
1 Solution

HiroshiSatoh
Champion

It can be extracted under the following conditions. I think it should be macrosized for a long time.

(your search) (date_hour=22 OR date_hour=23 OR date_hour=0 OR date_hour=1 OR date_hour=2 OR date_hour=3 OR date_hour=4 OR date_hour=5 OR date_hour=6 OR date_hour=7 OR date_hour=8)

View solution in original post

0 Karma

HiroshiSatoh
Champion

It can be extracted under the following conditions. I think it should be macrosized for a long time.

(your search) (date_hour=22 OR date_hour=23 OR date_hour=0 OR date_hour=1 OR date_hour=2 OR date_hour=3 OR date_hour=4 OR date_hour=5 OR date_hour=6 OR date_hour=7 OR date_hour=8)
0 Karma

hiepdv4
New Member

Dear Hiroshi-san

Thanks for support.

Regards

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Would you please provide more information about what you are trying to do and how you are trying to do it?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...