
Forums: SplunkSearchAndAlert: search for events that only occur within a time range over a larger time period




Hi all,

Is it possible to perform something like the following (pseudo search code, FYI)?

search "login" between 19:00:00 and 05:00:00 any day this week

Essentially I want to be able to look for any event that matches "login" that occurred between 19:00 and 05:00 (for example) on any day this past week.

I know I can do the same thing with specific search, but I want to automate as much as possible for rollup reports etc.

earliest=@w0 ( date_hour >= 19 OR date_hour < 5) login
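The same filter as the answer above, written in Python as an added example (not from this thread) and run over constructed log lines: it mirrors earliest=@w0 as the most recent Sunday 00:00 and the OR-joined hour test that is required because the 19:00 to 05:00 window wraps past midnight. It assumes lines of the form 'YYYY-MM-DD HH:MM:SS host message' and a fixed "now" so the result is repeatable.

```python
"""Off-hours login filter equivalent to the Splunk search
   earliest=@w0 ( date_hour >= 19 OR date_hour < 5 ) login
Added example, not code from the original thread. Assumes syslog-style
lines 'YYYY-MM-DD HH:MM:SS host message' (constructed sample data)."""
from datetime import datetime, timedelta

# Constructed sample events; not real log data.
SAMPLE_LOG = """\
2024-03-04 03:12:45 web01 sshd: login accepted for alice
2024-03-04 09:30:10 web01 sshd: login accepted for bob
2024-03-05 19:00:00 vpn01 login succeeded for carol
2024-03-05 18:59:59 vpn01 login succeeded for dave
2024-03-06 23:45:01 db01 logout user erin
2024-02-28 22:10:00 web02 sshd: login accepted for frank
2024-03-07 04:59:59 web02 sshd: login failed for mallory
"""


def week_start(now):
    """Splunk @w0: snap to 00:00 of the most recent Sunday (w0 = Sunday).
    Python's weekday() is Monday=0 ... Sunday=6, hence the +1 mod 7."""
    days_since_sunday = (now.weekday() + 1) % 7
    sunday = now - timedelta(days=days_since_sunday)
    return sunday.replace(hour=0, minute=0, second=0, microsecond=0)


def in_window(hour, start=19, end=5):
    """date_hour >= start OR date_hour < end. OR is deliberate: the window
    crosses midnight, so an AND of the two tests could never be true."""
    return hour >= start or hour < end


def off_hours_logins(log_text, now, keyword="login"):
    """Return the lines that match the keyword (case-insensitive, like a
    Splunk keyword search), fall on or after @w0, and land in the window."""
    matches = []
    for line in log_text.splitlines():
        ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        if ts < week_start(now):
            continue                      # outside earliest=@w0
        if keyword not in line.lower():
            continue                      # no "login" token in the event
        if in_window(ts.hour):
            matches.append(line)
    return matches


def demo():
    """Run the filter with a fixed 'now' (Friday 2024-03-08 12:00)."""
    return off_hours_logins(SAMPLE_LOG, datetime(2024, 3, 8, 12, 0, 0))
```

Note that @w0 snaps to the start of the current week, so the search covers the week so far rather than the trailing seven days, which would be earliest=-7d@d. In Splunk, date_hour reflects the hour as written in the raw event's timestamp, not the search user's time zone, so hosts logging in a different zone need the window adjusted.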

Staring me in the face the whole time, thanks!