gentimes command is useful in conjunction with the map command.
Generates timestamp results starting with the exact time specified as start time. Each result describes an adjacent, non-overlapping time range as indicated by the increment value. This terminates when enough results are generated to pass the endtime value.
This command does not work for future dates.
| gentimes start=<timestamp> [end=<timestamp>] [increment=<increment>]
- Syntax: start=<timestamp>
- Description: Specify as start time.
- Syntax: MM/DD/YYYY[:HH:MM:SS] | <int>
- Description: Indicate the timeframe, for example: 10/1/2017 for October 1, 2017, 4/1/2017:12:34:56 for April 1, 2017 at 12:34:56, or -5 for five days ago.
- Syntax: end=<timestamp>
- Description: Specify an end time.
- Default: midnight, prior to the current time in local time
- Syntax: increment=<int>(s | m | h | d)
- Description: Specify a time period to increment from the start time to the end time. Supported increments are seconds, minutes, hours, and days.
- Default: 1d
Generating commands use a leading pipe character and should be the first command in a search.
gentimes command returns four fields.
|starttime||The starting time range in UNIX time.|
|starthuman||The human readable time range in the format DDD MMM DD HH:MM:SS YYYY. For example Sun Apr 1 00:00:00 2018.|
|endtime||The ending time range in UNIX time.|
|endhuman||The human readable time range in the format DDD MMM DD HH:MM:SS YYYY. For example Fri Apr 13 23:59:59 2018.|
1. Generate daily time ranges by specifying dates
Generates daily time ranges from April 1 to April 5 in 2018. This search generates four intervals covering one day periods aligning with the calendar days April 1, 2, 3, and 4, during 2018.
| gentimes start=4/1/18 end=4/5/18
The results appear on the Statistics tab and look something like this:
|1522566000||Sun Apr 1 00:00:00 2018||1522652399||Sun Apr 1 23:59:59 2018|
|1522652400||Mon Apr 2 00:00:00 2018||1522738799||Mon Apr 2 23:59:59 2018|
|1522738800||Tue Apr 3 00:00:00 2018||1522825199||Tue Apr 3 23:59:59 2018|
|1522825200||Wed Apr 4 00:00:00 2018||1522911599||Wed Apr 4 23:59:59 2018|
2. Generate daily time ranges by specifying relative times
Generate daily time ranges from 30 days ago until 27 days ago.
| gentimes start=-30 end=-27
3. Generate hourly time ranges
Generate hourly time ranges from December 1 to December 5 in 2017.
| gentimes start=12/1/17 end=12/5/17 increment=1h
4. Generate time ranges by only specifying a start date
Generate daily time ranges from September 25 to today.
| gentimes start=9/25/17
5. Generate weekly time ranges
Although the week increment is not supported, you can generate a weekly increment by specifying
This examples generates weekly time ranges from December 1, 2017 to April 30, 2018.
| gentimes start=12/1/17 end=4/30/18 increment=7d
This documentation applies to the following versions of Splunk Cloud™: 7.0.13, 7.2.9, 8.0.2007, 8.1.2008, 7.2.10, 8.0.2006, 8.1.2009, 8.1.2011, 8.1.2012 (latest FedRAMP release), 8.1.2101, 8.1.2103, 8.2.2104