gentimes command is useful in conjunction with the map command.
Generates timestamp results starting with the exact time specified as start time. Each result describes an adjacent, non-overlapping time range as indicated by the increment value. This terminates when enough results are generated to pass the endtime value.
| gentimes start=<timestamp> [end=<timestamp>] [increment=<increment>]
- Syntax: start=<timestamp>
- Description: Specify as start time.
- Syntax: MM/DD/YYYY[:HH:MM:SS] | <int>
- Description: Indicate the timeframe, using either a timestamp or an integer value. For example: 10/1/2020 for October 1, 2020, 4/1/2021:12:34:56 for April 1, 2021 at 12:34:56, or -5 for five days ago.
- Syntax: end=<timestamp>
- Description: Specify an end time.
- Default: midnight, prior to the current time in local time
- Syntax: increment=<int>(s | m | h | d)
- Description: Specify a time period to increment from the start time to the end time. Supported increments are seconds, minutes, hours, and days.
- Default: 1d
Generating commands use a leading pipe character and should be the first command in a search.
gentimes command returns four fields.
|starttime||The starting time range in UNIX time.|
|starthuman||The human readable time range in the format DDD MMM DD HH:MM:SS YYYY. For example Sun Apr 4 00:00:00 2021.|
|endtime||The ending time range in UNIX time.|
|endhuman||The human readable time range in the format DDD MMM DD HH:MM:SS YYYY. For example Fri Apr 16 23:59:59 2021.|
To specify future dates, you must include the
1. Generate daily time ranges by specifying dates
Generates daily time ranges from April 4 to April 7 in 2021. This search generates four intervals covering one day periods aligning with the calendar days April 4, 5, 6, and 7, during 2021.
| gentimes start=4/4/21 end=4/7/21
The results appear on the Statistics tab and look something like this:
|1617519600||Sun Apr 4 00:00:00 2021||1617605999||Sun Apr 4 23:59:59 2021|
|1617606000||Mon Apr 5 00:00:00 2021||1617692399||Mon Apr 5 23:59:59 2021|
|1617692400||Tue Apr 6 00:00:00 2021||1617778799||Tue Apr 6 23:59:59 2021|
|1617778800||Wed Apr 7 00:00:00 2021||1617865199||Wed Apr 7 23:59:59 2021|
2. Generate daily time ranges by specifying relative times
Generate daily time ranges from 30 days ago until 27 days ago.
| gentimes start=-30 end=-27
3. Generate hourly time ranges
Generate hourly time ranges from December 1 to December 5 in 2020.
| gentimes start=12/1/20 end=12/5/20 increment=1h
4. Generate time ranges by only specifying a start date
Generate daily time ranges from September 25 to today.
| gentimes start=9/25/20
5. Generate weekly time ranges
Although the week increment is not supported, you can generate a weekly increment by specifying
This examples generates weekly time ranges from December 1, 2020 to April 30, 2021.
| gentimes start=12/1/20 end=4/30/21 increment=7d
This documentation applies to the following versions of Splunk Cloud™: 7.0.13, 8.0.2006, 8.0.2007, 8.1.2009, 8.1.2008, 8.1.2011, 8.1.2012 (latest FedRAMP release), 8.1.2101, 8.1.2103, 8.2.2104, 8.2.2105, 8.2.2106