Splunk - Time Range Search
The Splunk web interface displays a timeline that indicates the distribution of events over a range of time. There are preset time intervals from which you can select a specific time range, or you can customize the time range as needed.
The screen below shows the various preset timeline options. Choosing any of these options fetches the data for only that specific time period, which you can analyse further using the custom timeline options available.
For example, choosing the previous month option gives us results only for the previous month, as you can see in the spread of the timeline graph below.
Selecting a Time Subset
By clicking and dragging across the bars in the timeline, we can select a subset of the result that already exists. This does not cause re-execution of the query. It only filters out the records from the existing result set.
The image below shows the selection of a subset from the result set −
Earliest and Latest
The two commands, earliest and latest, can be used in the search bar to indicate the time range within which you filter the results. It is similar to selecting a time subset, but it is done through commands rather than by clicking on a specific timeline bar. So, it provides finer control over the data range you can pick for your analysis.
In the above image, we give a time range between the last 7 days and the last 15 days. So, the data between these two days is displayed.
Nearby Events
We can also find events near a specific time by specifying how close we want the events to be. We have the option of choosing the scale of the interval, like seconds, minutes, days, weeks, etc.
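The 15-days-ago to 7-days-ago window from the Earliest and Latest section, written with Splunk's relative time modifiers (earliest=-15d latest=-7d), and the Nearby Events filter, resolved in Python over constructed events. This is an added example, not code from the original page: it handles only a subset of the modifier syntax, assumes UTC and an exclusive latest bound, and resolve, search_window and nearby are hypothetical helper names.

```python
import re
from datetime import datetime, timedelta, timezone

# Added example: handles only a subset of Splunk's relative time modifiers,
# [+|-]<N><unit>[@<snap>] and "now". UTC is assumed throughout.
UNITS = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days", "w": "weeks"}
MODIFIER = re.compile(r"^([+-]\d+)([smhdw])(?:@([mhd]))?$")

def resolve(modifier, now):
    """Turn a relative modifier such as '-15d' or '-7d@d' into an absolute time."""
    if modifier == "now":
        return now
    m = MODIFIER.match(modifier)
    if not m:
        raise ValueError(f"unsupported time modifier: {modifier!r}")
    amount, unit, snap = int(m.group(1)), m.group(2), m.group(3)
    t = now + timedelta(**{UNITS[unit]: amount})
    # Snapping ("@d", "@h", "@m") rounds down to the start of that unit.
    if snap == "d":
        t = t.replace(hour=0, minute=0, second=0, microsecond=0)
    elif snap == "h":
        t = t.replace(minute=0, second=0, microsecond=0)
    elif snap == "m":
        t = t.replace(second=0, microsecond=0)
    return t

def search_window(events, earliest, latest, now):
    """Keep events with earliest <= _time < latest (assumption: latest is exclusive)."""
    lo, hi = resolve(earliest, now), resolve(latest, now)
    if lo >= hi:
        raise ValueError("earliest must be before latest")
    return [e for e in events if lo <= e["_time"] < hi]

def nearby(events, around, seconds):
    """Events within +/- `seconds` of a chosen time, as in Nearby Events."""
    delta = timedelta(seconds=seconds)
    return [e for e in events if around - delta <= e["_time"] <= around + delta]

# Constructed sample data: one event per day at 06:00 UTC, going back 20 days.
NOW = datetime(2024, 3, 21, 9, 30, tzinfo=timezone.utc)
EVENTS = [
    {"id": i, "_time": datetime(2024, 3, 21, 6, 0, tzinfo=timezone.utc) - timedelta(days=i)}
    for i in range(1, 21)
]

if __name__ == "__main__":
    for lo, hi in (("-15d", "-7d"), ("-15d@d", "-7d@d")):
        ids = [e["id"] for e in search_window(EVENTS, lo, hi, NOW)]
        print(f"earliest={lo} latest={hi} -> event ids {ids}")
```

Without snapping, the window edges inherit the time of day at which the search runs, so the same search run at different times of day can include or drop the boundary events; snapping to @d pins both edges to midnight.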