Solved: Exclude search on a specific time at a specific we...

skyrider1 · ‎01-11-2013

Hi

We have a search where we get the request time out of a webapplication. Of course those request times suffer during our weekly maintenance window. Now i tried to filter out those specific times by using the following filter:

|eval myHour=strftime(_time, "%H")
|eval myDay=strftime(_time, "%a")
|where NOT (( myHour >= 18 ) AND ( myHour <= 22 AND myDay=Thu))

The myDay on it's own doesn't work..

Somewho it's not working that way, so i appreciate any help...

Thanks

kristian_kolb · ‎01-11-2013

Could you not use the date_* fields for this? Those should work unless you have servers in different time zones.

sourcetype=your_web_app NOT (date_wday = thursday date_hour >=18 date_hour <= 22 )

/Kristian

View solution in original post

kristian_kolb · ‎01-11-2013

Could you not use the date_* fields for this? Those should work unless you have servers in different time zones.

sourcetype=your_web_app NOT (date_wday = thursday date_hour >=18 date_hour <= 22 )

/Kristian

Exclude search on a specific time at a specific weekday (weekly maintenance window)

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...