Time
The time subset of commands is used to enrich the data with the ability to search based on time and make data more user-friendly for analytics and visualization.
The reltime command
The reltime Splunk command is used to create a relative time field called reltime. It shows the time value in a format that humans can read, relative to current time. The time in reltime would appear as 2 hours ago, 3 days ago, 1 month ago, and so on.
The syntax for the reltime command is as follows:
… | reltime
Refer to the following example for better clarity:
index=_internal | reltime
As shown in the preceding screenshot, reltime creates a more user-friendly ...