Splunk 简明教程
Splunk - Time Range Search
Splunk Web 界面会显示时间轴,该时间轴会指示一系列时间段中事件的分布情况。提供了预设时间间隔,您可以从中选择特定时间范围,也可以根据需要自定义时间范围。
The Splunk web interface displays timeline which indicates the distribution of events over a range of time. There are preset time intervals from which you can select a specific time range, or you can customize the time range as per your need.
以下屏幕显示各种预设时间轴选项。选择其中任何选项只会获取该特定时间段的数据,您还可以使用可用的自定义时间轴选项进一步分析该数据。
The below screen shows various preset timeline options. Choosing any of these options will fetch the data for only that specific time period which you can also analyse further, using the custom timeline options available.
例如,选择上个月的选项将仅为我们提供上个月的结果,如您在下面的时间轴图中看到的范围所示。
For example, choosing the previous month option gives us the result only for the previous month as you can see the in spread of the timeline graph below.
Selecting a Time Subset
通过单击并拖动时间轴中的条形,我们可以选择已存在的子集结果。这不会导致查询重新执行。它只会从现有结果集中过滤掉记录。
By clicking and dragging across the bars in the timeline, we can select a subset of the result that already exists. This does not cause the re-execution of the query. It only filters out the records from the existing result set.
下图显示了从结果集中选择子集的情况:
Below image shows the selection of a subset from the result set −
Earliest and Latest
可以在搜索栏中使用 earliest 和 latest这两个命令来指示在其中筛选结果的时间范围。这类似于选择时间子集,但它是通过命令而不是在特定时间轴栏中单击的选项进行的。因此,它可以更精细地控制您可以针对分析选择的数据范围。
The two commands, earliest and latest can be used in the search bar to indicate the time range in between which you filter out the results. It is similar to selecting the time subset, but it is through commands rather than the option of clicking at a specific time line bar. So, it provides a finer control over that data range you can pick for your analysis.
在上图中,我们在最近 7 天到最近 15 天之间给出了一个时间范围。因此,这两天之间的数据会显示出来。
In the above image, we give a time range between last 7 days to last 15 days. So, the data in between these two days is displayed.