Solved: Re: Can we set a time range from today 00:00:00 AM...

chrbar01 · ‎10-14-2016

Hello,

I would like to set a search for the 24H of the current day: a time range from today 00:00:00 AM to real time now?
Is it possible?
If yes, could you explain to me how to do that?

Thanks,
Chris

somesoni2 · ‎10-14-2016

Use earliest=@d latest=now.

View solution in original post

somesoni2 · ‎10-14-2016

Use earliest=@d latest=now.

cmerriman · ‎10-14-2016

in the Advanced tab on the Time Range Picker, you could put "@d" in earliest and "now" in latest, would that work?

chrbar01 · ‎10-14-2016

Thanks for your help 🙂

I'd like to set this range in real time.
I've found a solution with the values "rt-1@d" in earliest and "rt" in latest, inside the Advanced tab of the Time Range Picker.
It works, but if I enter the same value into the Search command line (earliest="rt-1@d" latest="rt"), I obtain the error: Invalid value "rt-1@d" for time term 'earliest'.
Do you know why?

somesoni2 · ‎10-14-2016

The realtime time ranges are not designed to be applied inline in search. Read this for more details

https://docs.splunk.com/Documentation/Splunk/6.5.0/Search/Specifyrealtimewindowsinyoursearch#Real-ti... (3rd para)

chrbar01 · ‎10-19-2016

Ok, thanks a lot.

Can we set a time range from today 00:00:00 AM to real time now?

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?