Gentimes
The gentimes command generates timestamp events, beginning at the exact time given in the start argument. Used on its own, it creates a series of timestamps starting from that date.
Syntax
| gentimes start=<timestamp> [end=<timestamp>] [increment=<increment>]
start – Specify your start time.
timestamp – MM/DD/YYYY[:HH:MM:SS].
end – Specify your end time. It is an optional argument.
increment – Specify the time period to increment by from the start time to the end time. It can be in seconds, minutes, hours, or days.
The gentimes command returns four fields by default.
starttime – start time in UNIX format.
starthuman – start time in human-readable format (DDD MMM DD HH:MM:SS YYYY).
endtime – end time in UNIX format.
endhuman – end time in human-readable format (DDD MMM DD HH:MM:SS YYYY).
Example 1:
Query:
| gentimes start=8/10/22 end=8/11/22 increment=5h
Result:
Explanation:
The gentimes command generates timestamp events from the start date, 10 August 2022, to the end date, 11 August 2022, at 5-hour intervals.
Example 2:
Query:
| gentimes start=06/01/2022 increment=1h
| eval high=50
| eval low=20
| eval airtemp=round(((random() % high)/(high)) * (high - low) + low)
| eval airHumidity=round(((random() % high)/(high)) * (high - low) + low)
| eval starttime=strftime(starttime, "%m-%d-%Y %H:%M:%S")
| chart max(airtemp) AS airtemp max(airHumidity) as airHumidity over starttime
Result:
Explanation:
The gentimes command on its own creates a series of timestamps beginning with the date specified in the start argument. In this example, we have added the increment argument to further specify the interval for each timestamp (1h or hourly in this case). The net effect is to create 1-hour timestamps up until the current date/time.
We used the eval command to create four fields: “high”, “low”, “airtemp” and “airHumidity”. The values of “airtemp” and “airHumidity” will be between 20 and 50.
We used random() to generate the numbers; the % high is applied so that the result is always a number less than the value of the high field.
So, to set the limits, we created the high and low fields.
For “airtemp”, we applied the formula below to get the desired results.
Suppose the generated number gives (random() % high) = 21 % 50 = 21.
“round(((random() % high)/(high)) * (high - low) + low)”
round(((21)/(50)) * (50-20) + 20) = 33
Solving the above equation gives “value = 32.6”, which gets rounded, so we get “33” as our final value.
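The formula above can be checked for every possible remainder, not just 21. The following is an added example, not part of the original post: a Python model of the eval expression (not SPL), in which the function names scale, value_range and hourly_rows are hypothetical and the hourly rows are a constructed stand-in for gentimes output.

```python
import math
import random
from collections import Counter
from datetime import datetime, timedelta

HIGH, LOW = 50, 20  # the high and low fields from Example 2


def scale(raw, high=HIGH, low=LOW):
    """Model of round(((random() % high)/(high)) * (high - low) + low)."""
    x = (raw % high) / high * (high - low) + low
    # Assumption: round half up. No residue lands on an exact .5 here,
    # so the choice of tie-breaking rule does not change any result.
    return math.floor(x + 0.5)


def value_range(high=HIGH, low=LOW):
    """Enumerate every residue 0..high-1 and count the outputs."""
    counts = Counter(scale(r, high, low) for r in range(high))
    return min(counts), max(counts), counts


def hourly_rows(start, hours, rng):
    """Constructed stand-in for the rows of `gentimes ... increment=1h`."""
    rows = []
    for i in range(hours):
        t = start + timedelta(hours=i)
        rows.append({
            "starttime": t.strftime("%m-%d-%Y %H:%M:%S"),
            # Splunk's random() returns an integer from 0 to 2^31-1.
            "airtemp": scale(rng.getrandbits(31)),
            "airHumidity": scale(rng.getrandbits(31)),
        })
    return rows


if __name__ == "__main__":
    lo, hi, counts = value_range()
    print("worked example:", scale(21))
    print("range:", lo, "to", hi)
    print("values produced by one residue only:",
          sorted(v for v, n in counts.items() if n == 1))
    for row in hourly_rows(datetime(2022, 6, 1), 5, random.Random(1)):
        print(row)
```

Enumerating the remainders shows the formula produces 20 through 49 (50 itself is never reached), and that every third value, starting at 20, comes from a single remainder and is therefore half as likely as its neighbours.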
The chart command simply outputs your fictitious data in a tabular format that can be used to render visualizations via Splunk’s easy-to-use visualization tools. Executing the search above lets you quickly generate charts like the one in the screenshot below that can be used for tasks such as modifying simple XML to specify color settings.
You can use various combinations to do the required task; this was the one we used.