Splunk search
" EventCode="4688" AND earliest="5/8/2024:10:07:20" latest="5/8/2024:10:17:20 "
Could you please the time search is correct
@jaibalaraman , your searches return a consistent set of results regardless of the time zone you are in.
@jaibalaraman search can be in any time zone. can you elaborate your question what you need exactly
Hi
I am trying to use earliest and latest on Date time
Could you please advise the right format to use , i am not sure the below spl format is correct
Event Code="1234" AND earliest="5/8/2024:10:07:20" latest="5/8/2024:10:17:20
hi @jaibalaraman ,
You can specify an exact time such as earliest="10/5/2021:20:00:00", or a relative time such as earliest=-h or latest=@w6.
When specifying relative time, you can use the now modifier to refer to the current time.
According to the documentation for search time modifiers you should be correct. Although example 4 and 5 on that page uses a different time format. Try the format from the examples.
Also the search can be done in UTC or any time zone'
