• Relative lets you choose a time in the past. The end of the search will always be the current time. The Snap to option lets you choose a unit to round down to. For instance, if the current time is 4:32 and you choose 2 for the Hour(s) ago option, and Hour for the Snap to option, the earliest time for the search will be 2:00. Effective range will tell you what time range is being searched. Note the text under Search language equivalent. This is the way you express relative times in Splunk. We will see this often as we move forward.
• Like Relative time, Real-time lets you choose a time in the past and shows you the search language equivalent. A real-time search is different in that it continues to run, continuously updating your query results, but only keeps the events with a parsed date that is newer than the time frame specified.