How to search by specific date and time range and ...

mikeyty07 · ‎12-21-2022

I am trying to search with specific date and time. Is it possible to search and compare?

for example, i want to get stats from 2022-12-20 14:00:00 to 2022-12-20 15:00:00 and compare it with other dates like 12/16, 12/10/, 12/5 with same time range. is there a way to get stats compared side by side with other dates
OR
just have the all mentioned dates and time (2p-3p) there in search query ?

bowesmana · ‎12-21-2022

Just put the date/time ranges in the query

(earliest="12/20/2022:14:00:00" latest="12/20/2022:15:00:00") OR
(earliest="12/16/2022:14:00:00" latest="12/16/2022:15:00:00") OR
(earliest="12/10/2022:14:00:00" latest="12/10/2022:15:00:00")

and the the simplest way is to then

| bin _time span=1d
| stats count by _time

or you may have date_hour field auto extracted, in which case you could just set the time picker and use date_hour=3

How to search by specific date and time range and compare with other date and time stats?

chart

count

eval

fields

other

stats

table

timechart

tstats

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...