I am trying to find an event that occurs in a specific time range in Splunk, but I want this search to cover all the indexed data that covers a wide range of dates.
For example, I want to find out whether a line in the indexed log file contains the word "Error" between the hours of 9 a.m. and 4 p.m., across the 25 days of logs that I indexed. If the word "Error" appears outside this time range, I don't want it to appear in my search results.
For the date/time format I use mm/dd/yyyy hh:mm:ss.
Any ideas how I can do this?
Marek
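One way to express this search in SPL, added here as an example rather than anything posted in the thread: restrict the time *range* with `earliest`/`latest` so all 25 days are covered, then filter on the hour of day with an `eval` over `_time`. The index and sourcetype names are placeholders, and the example assumes the 25-day window, the keyword and the 9 a.m. to 4 p.m. hours given in the question.

```spl
/* Constructed example: index and sourcetype are placeholders, not values from the thread. */
index=<your_index> sourcetype=<your_sourcetype> "Error" earliest=-25d@d latest=now
/* Hour of day (00-23) derived from the indexed timestamp, not from the raw text. */
| eval event_hour=tonumber(strftime(_time, "%H"))
/* Keep 09:00:00 through 15:59:59; use event_hour<=16 if 16:xx should count as well. */
| where event_hour>=9 AND event_hour<16
| table _time host source _raw
```

This relies on Splunk having parsed `_time` from the log's own timestamp. For a `mm/dd/yyyy hh:mm:ss` timestamp that is `TIME_FORMAT = %m/%d/%Y %H:%M:%S` in `props.conf` for the sourcetype; if the timestamp was not extracted, `_time` falls back to index time and the hour filter will be wrong. Also check the timezone: `strftime` renders `_time` in the searching user's configured timezone, so events from hosts in other zones need `TZ` set on the sourcetype or the hour bounds adjusted. Note that searching for `"Error"` is case-insensitive by default in Splunk, so it also matches `error` and `ERROR`.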