I am trying to search for an event that happens in a specific time range in Splunk but I want that search to encompass all of the data I have indexed which covers a wide date range.
For example, I want to see if a line in an indexed log file contains the word 'Error' between the hours of 9am and 4pm from the 25 days worth of logs I have indexed. If the word 'Error' shows up outside of that time range, I don't want that displayed in my search results.
For date/time format I am using mm/dd/yyyy:hh:mm:ss
Any ideas how I might go about this?
You can try a search something like this:
index=foo earliest=-25d (date_hour > 9 and date_hour < 16) "Error"
while the selected answer is great, it did not work in my case (splunk v6), however this did work (it was mainly adding the | eval date_hour... )
and my full working search (between hours of 6am to 11pm , for each of the prior 25 days):
index=mymts earliest=-25d | eval date_hour=strftime(_time, "%H") | search date_hour>=6 date_hour<=23 host="172.17.172.1" "/netmap/*"
hope this helps others.
Related
According to Splunk, | mcatalog values(_value) WHERE index=index-name is not allowed. Is there another way to view _value's for all the requests sent without using mcatalog?
P.S. i've looked into mstats but it only offers max, min, sum, etc...
If the metric you're looking for has a minute frequency you can use latest(_value) with mstats and a span of 1 minute. You will get the raw value recorded by that minute measurement.
| mstats latest(_value)
WHERE index=em_metrics metric_name="*" span=1m
BY metric_name
Notice how the raw value changes every minute:
If this fixes your problem, take a moment to accept the answer. This can be done by clicking on the check mark beside the answer to toggle it from greyed out to filled in!
I am using later.js (meteor package, voidale:later-js-tz#1.1.9) to schedule events, using the later.parse.text() parser.
I can schedule weekly events on a given weekday with no problem, with strings like 'at 11:00 on Monday'.
But I get parse errors trying things like 'at 11:00 on every second Monday of every month'.
Q: Is there a way to do this in later.js, or if not, is there a javascript library available that does support this?
Thanks.
I found moment-recur, which supports this nth-weekday of a month in its API, but doesn't have a text parser.
I then used PEGjs to build a text parser which outputs the necessary parameters, which I use in a straightforward way to call the moment-recur API.
I have created a console application in VB.Net that adds 2 times together and then displays the output of the final time. I've managed to get it working after much work but I have a problem:
Sometimes when I calculate the time and the end result is below '10 mins', it doesn't include the "0" in front of the minutes. I say this because all numbers under 10 mins on a clock are like 09, 08, 07, etc..
For example, I do 2:05 + 1:02 which the answer is meant to be 3:07 instead it comes out as 3:7. Another example would be I do 1:00 + 2:00 and the output is 3:0 when its meant to be 3:00.
Can anyone help me figure out this problem?
Format the number using a custom format. Example:
Dim minuteString as String = minutes.ToString("00")
Here is the problem.
I have to create a submission form on my Yii-based website. The form requires to enter a datetime range.For that I am using "jui datetimepicker" third-party Yii extension.
http://www.yiiframework.com/extension/datetimepicker/
I use two date fields with this extension pertaining to start and end time respectively. So, what I want to achieve is be able to restrict the start datetime only to time in the future (neither past dates nor time should be selected) and the end time itself should be restricted to the maximum of three hours following the start time.
EXAMPLE: a user wants to schedule an event. They choose a date and time, which are of course in the future. Let's say they choose March 15, 13 O'clock as the start time in the start time field. Once they are done and move to the next field ("end time"), the respective datetimepicker restricts the range of time from March 15, 13:00 to March 15, 16:00.
Hence the second datetimepicker should be dynamically updated depending on the input of the first one.
It's possible o specify date range in the datetimepicker starting from the current date, but there is nothing like that for the time selection, so a user still can select time which has already passed.
It's not that I want to solve this problem with this extention, if anybody has any suggestions about YII solutions allowing to specify a datetime range in the most clean and effective way - it would be much appreciated.
You should use the edaterangepicker extension instead.
Given the API for the jquery timepicker addon. you should add the following to your widget call (along side 'model','attribute', etc)
'options'=>array(
'minDateTime'=>'<start dateTime here>',
'onSelect'=>'<JS function to run>'
)
The function you run on the "onSelect" event should dynamically set the minDateTime for the second dateTime input field, for ex:
function (selectedDateTime){
<EndDatePickerElement>.datetimepicker('option', 'minDateTime', <start dateTime here using selectedDateTime> );
}
There are more examples on the link provided earlier if you need to make it even more precise (like say if you wanted the starting date to be pushed back by the amount of time the user was on the page rather than it being set when the page was loaded. etc...)
I've got a page with DateTimeField.
When i'm filling only date field (leaving hours and minutes fields empty) and have a validation error (page get's reloaded, feedback panel is shown), time fields got filled in with 0:00. But the thing is, that I want to have 00:00.
As I inspected, minutes field got ZeroPaddingIntegerConverter(2), so I just simply add it to hours field. But the thing is I cannot add anything to hours field as it is private.
So is there a way to add a ZeroPaddingIntegerConverter(2) to a hours field in DateTimeField of Apache Wicket ?
I use the DateTextField provided in the org.apache.wicket.extensions.markup.html.form package
DateTextField myDateTextField = DateTextField("endTime", "HH:mm");
You can define a date pattern that will be used for formatting the date. The time will be displayed with two digits for the hour and a leading zero if necessary.