Splunk® Enterprise

Search Reference

Download manual as PDF

Download topic as PDF

gentimes

Description

The gentimes command is useful in conjunction with the map command.

Generates timestamp results starting with the exact time specified as start time. Each result describes an adjacent, non-overlapping time range as indicated by the increment value. This terminates when enough results are generated to pass the endtime value.

For example, the following search generates four intervals covering one day periods aligning with the calendar days October 1, 2, 3, and 4, during 2017.

| gentimes start=10/1/17 end=10/5/17

This command does not work for future dates.

Syntax

| gentimes start=<timestamp> [end=<timestamp>] [increment=<increment>]

Required arguments

start
Syntax: start=<timestamp>
Description: Specify as start time.
<timestamp>
Syntax: MM/DD/YYYY[:HH:MM:SS] | <int>
Description: Indicate the timeframe, for example: 10/1/2017 for October 1, 2017, 4/1/2017:12:34:56 for April 1, 2017 at 12:34:56, or -5 for five days ago.

Optional arguments

end
Syntax: end=<timestamp>
Description: Specify an end time.
Default: midnight, prior to the current time in local time
increment
Syntax: increment=<int>(s | m | h | d)
Description: Specify a time period to increment from the start time to the end time.
Default: 1d

Usage

The gentimes command is a generating command and should be the first command in the search. Generating commands use a leading pipe character.

Examples

Example 1:

All hourly time ranges from December 1 to December 5 in 2017.

| gentimes start=12/1/17 end=12/5/17 increment=1h

Example 2:

All daily time ranges from 30 days ago until 27 days ago.

| gentimes start=-30 end=-27

Example 3:

All daily time ranges from April 1 to April 5 in 2017.

| gentimes start=4/1/17 end=4/5/17

Example 4:

All daily time ranges from September 25 to today.

| gentimes start=9/25/17

See also

makeresults, map

Answers

Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has using the gentimes command.

PREVIOUS
gauge
  NEXT
geom

This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 7.0.0, 7.0.1, 7.0.2, 7.0.3


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters