Splunk® Enterprise

Search Reference

Splunk Enterprise version 7.2 is no longer supported as of April 30, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

gentimes

Description

The gentimes command is useful in conjunction with the map command.

Generates timestamp results starting with the exact time specified as start time. Each result describes an adjacent, non-overlapping time range as indicated by the increment value. This terminates when enough results are generated to pass the endtime value.

The gentimes command generates events up to the end time, but not including the end time.

Syntax

| gentimes start=<timestamp> [end=<timestamp>] [increment=<increment>]

Required arguments

start
Syntax: start=<timestamp>
Description: Specify as start time.
<timestamp>
Syntax: MM/DD/YYYY[:HH:MM:SS] | <int>
Description: Indicate the timeframe, using either a timestamp or an integer value. For example: 10/1/2020 for October 1, 2020, 4/1/2021:12:34:56 for April 1, 2021 at 12:34:56, or -5 for five days ago.

Optional arguments

end
Syntax: end=<timestamp>
Description: Specify an end time.
Default: midnight, prior to the current time in local time
increment
Syntax: increment=<int>(s | m | h | d)
Description: Specify a time period to increment from the start time to the end time. Supported increments are seconds, minutes, hours, and days.
Default: 1d

Usage

The gentimes command is an event-generating command. See Command types.

Generating commands use a leading pipe character and should be the first command in a search.

The gentimes command returns four fields.

Field Description
starttime The starting time range in UNIX time.
starthuman The human readable time range in the format DDD MMM DD HH:MM:SS YYYY. For example Sun Apr 4 00:00:00 2021.
endtime The ending time range in UNIX time.
endhuman The human readable time range in the format DDD MMM DD HH:MM:SS YYYY. For example Fri Apr 16 23:59:59 2021.

To specify future dates, you must include the end argument.

Examples

1. Generate daily time ranges by specifying dates

Generates daily time ranges from April 4 to April 7 in 2021. This search generates events up to the end time, but not including the end time. This search generates three intervals covering one day periods aligning with the calendar days April 4, 5, and 6, during 2021. The gentimes command generates events up to the end time, but not including the end time.

| gentimes start=4/4/21 end=4/7/21

The results look like this:

endhuman endtime starthuman starttime
Sun Apr 4 23:59:59 2021 1617605999 Sun Apr 4 00:00:00 2021 1617519600
Mon Apr 5 23:59:59 2021 1617692399 Mon Apr 5 00:00:00 2021 1617606000
Tue Apr 6 23:59:59 2021 1617778799 Tue Apr 6 00:00:00 2021 1617692400

2. Generate daily time ranges by specifying relative times

Generate daily time ranges from 30 days ago until 27 days ago.

| gentimes start=-30 end=-27

3. Generate hourly time ranges

Generate hourly time ranges from December 1 to December 5 in 2021.

| gentimes start=12/1/21 end=12/5/21 increment=1h

4. Generate time ranges by only specifying a start date

Generate daily time ranges from April 25 to today.

| gentimes start=4/25/22

5. Generate weekly time ranges

Although the week increment is not supported, you can generate a weekly increment by specifying increment=7d.

This examples generates weekly time ranges from December 1, 2021 to April 30, 2022.

| gentimes start=12/1/21 end=4/30/22 increment=7d

See also

Commands
makeresults
map
Last modified on 11 March, 2024
gauge   geom

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.4.0, 9.4.1, 9.4.2

Acrobat logo Download manual
Acrobat logo Download this page

Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters