Usage of Splunk Commands: GENTIMES
GENTIMES is an event-generating Splunk command: it generates timestamp events. This command cannot produce future dates. As said earlier, because it is an event-generating command it is always used as the first command of the search. By default the GENTIMES command returns four fields:
- starttime: initial start time in EPOCH or UNIX format (total number of seconds elapsed since 00:00:00 UTC on 1st January, 1970)
- starthuman: initial start time in human-readable format [DAY MONTH DD HH:MM:SS YYYY]
- endtime: final ending time in EPOCH or UNIX format (total number of seconds elapsed since 00:00:00 UTC on 1st January, 1970)
- endhuman: final ending time in human-readable format [DAY MONTH DD HH:MM:SS YYYY]
Syntax:
|gentimes start=<start time> end=<end time> increment=<increment>
<start>= specify the start time in one of the following formats: MM/DD/YYYY[:HH:MM:SS], MM/DD/YYYY or MM/DD/YY.
<end>= specify the end time in one of the following formats: MM/DD/YYYY[:HH:MM:SS], MM/DD/YYYY or MM/DD/YY. This argument is optional; its default value is the current time.
<increment>= the step by which the generated timestamps advance from the start time towards the end time, expressed in seconds, minutes, hours or days. This argument is also optional.
Example 1:
| gentimes start=5/1/21
Explanation:
As you can see, I specified a start date but no end date, so by default the end time was taken from the system date and time (05/04/2021); that is why the generated range ends on 3rd May.
Example 2:
| gentimes start=4/1/21 end=4/12/21 increment=2d
Explanation:
Here we specified both the start and the end time, with an increment of two days.
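A practical use of the fields above is gap detection: because GENTIMES emits one row per time bucket regardless of whether any logs exist, a search can line those buckets up against real event counts and surface the hours in which a log source went silent. The following search is an added example, not part of the original post; the index name `main`, the sourcetype `syslog` and the 1st to 2nd April 2021 window are assumptions chosen for illustration.

```spl
| gentimes start=4/1/21 end=4/2/21 increment=1h
| eval _time=starttime
| table _time
| append
    [ search index=main sourcetype=syslog earliest=04/01/2021:00:00:00 latest=04/02/2021:00:00:00
      | bin _time span=1h
      | stats count AS events BY _time ]
| stats sum(events) AS events BY _time
| fillnull value=0 events
| where events=0
| eval hour=strftime(_time, "%Y-%m-%d %H:%M")
| table hour events
```

The generated hourly starttime values are renamed to _time so they share a key with the binned event counts; hours that exist only in the GENTIMES rows have no count, receive 0 from fillnull, and are the ones listed as silent.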
Hope you all enjoyed this blog “Usage of Splunk Commands: GENTIMES”, see you all in the next one.
Use Cases: How To Add Time In The Dashboard Panel
How To Add The Time In Dashboard Panel Title
Happy Splunking!!