monitoring data-analysis splunk splunk-query splunk-dashboard

Splunk Enterprise: Exclude certain time ranges for a bigger time range

I am in need of knowing if there is a possibility to exclude certain time ranges within a given time period? I have a formula for my search and then I have chosen the datepicker, but would like to know if I can filter out specific time ranges within what I already have chosen?

Or is the only way out to make multiple searches from the datepicker menu?

Thanks a lot

Solution

The way to filter time the way you're describing is by putting it directly in your SPL instead of using the time picker using earliest and latest

For example:

index=ndx sourcetype=srctp ((earliest=-24d latest=-20d) OR (earliest=-10d latest=-6d)
| <rest of SPL>

Monitoring uptime and health of several services (web service, oracle, web app)
how can i control the number of events a namespace can save?
Error: Unable to connect with Loki. Please check the server logs for more details on Grafana
Query Log Analytics from Cloud Function
How do I easily extend the scope of my CRON job, monitor and retry if a part/all of the job fails?
How can I monitor a Windows directory for changes?
Why does the psutil CPU tracker not work in Google Cloud Run?
Can we expose organization metrics in AzureDevOps to a Dashboard
How to monitor number of syscalls executed by kernel?
App Service Status Running with failed startup
How can I monitor data on a serial port in Linux?
ECS metric does not match EC2's
Monitoring/Alert Rules Requirements for Azure Web Apps, Server Farm vs WebSite
Prometheus service discovery with docker-compose
How can I get a production server alert log in my Slack channel?, so that if there is a problem I will be notified as soon as possible
What additional benefits can Sentry.IO provide over Application Insights for ASP.NET Core?
How to monitor a complete directory tree for changes in Linux?
How do I make my program watch for file modification in C++?
How do you compute the performance impact of a eBPF probe?
Increasing Prometheus storage retention
How to monitor a Windows Service on an Azure VM?
Cadvisor "mountpoint for cpu not found"
Multiple email receivers in prometheus alertmanager "to" field
How to reload prometheus config without restarting?
Catch "nodes" interactions at RequestResponse level (K8s Audit Policy)
message.embeds from discord.py library cant see embed from SD.C Monitoring bot
PowerShell script to check the status of a URL
Prometheus PromQL Rateinterval from midnight to now
Need to monitor invalid objects from different DBLinks
VictoriaMetrics (VM Agent) relable metrics pattern