Answer the question
In order to leave comments, you need to log in
P
P
Philip Shishkin2019-05-25 13:30:46
Philip Shishkin, 2019-05-25 13:30:46
How to choose the right filter to sort events in Splunk?
There is a log in which you need to filter events for further work with them. The filter will be by time and date, highlighted in bold. The question is how to do this? By specifying %m/%d/%y, the filter works only by month, day and year, I try to add time attributes %H:%M:%S.%3N(hours minutes seconds microseconds) separated by a space, according to the documentation, it does not work.
spoiler
5/12/18
11:09:45.880 AM
22-03-2017 11:09:45,388 [INFO ] - add_application
Context: device_platform=windows phone_work_ext...............
5/12/18
11:09:45.860 AM
22-03-2017 11:09:45,386 [INFO ] - id=8ee535c085ba515761234fc1b6522c3f
Context: device_platform=windows phone_work_ext..............
5/12/18
11:09:40.251 AM
22-03-2017 11:09:40,251 [INFO ] - add_application
Context: device_platform=windows phone_work_ext.................
11:09:45.880 AM
22-03-2017 11:09:45,388 [INFO ] - add_application
Context: device_platform=windows phone_work_ext...............
5/12/18
11:09:45.860 AM
22-03-2017 11:09:45,386 [INFO ] - id=8ee535c085ba515761234fc1b6522c3f
Context: device_platform=windows phone_work_ext..............
5/12/18
11:09:40.251 AM
22-03-2017 11:09:40,251 [INFO ] - add_application
Context: device_platform=windows phone_work_ext.................
Similar questions
K
G
D
Z
J
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question