You can only have one set of TO/FROM, and the FROM time has to be before the TO
time.
If it was for more than a 6 minute window, you could try creating cache files for the 2 periods and combining them, but it seems that simply editing out the 6 minutes would be the simplest way to do what you're trying to do.
Personally, I'd take a much closer look at the data in that 6 minute window.
Turn on the Host report (HOST ON), and see if there's a single IP address
generating the anomalous data. Then look for that address in the whole log
(HOST INCLUDE w.x.y.z) and see if it only occurs in your 6 minute window. If it
does, then exclude it (HOSTEXCLUDE w.x.y.z)
This is where I started from - the HOST report showed up *nothing* out
of the ordinary - entries in the region of between 2 and 18 per HOST,
which I why I wanted to exclude what looked like the time span that
included the culprit/s.
In fact, while waiting for (understandable) advice, I have deleted two
sections of entries from my raw log files [3800 lines from 11:46:01 to
11:50:58, and 670 lines from 14:49:01 to 14:51:49]. This has made the
resulting analog look much more reasonable.
JW
+------------------------------------------------------------------------
| TO UNSUBSCRIBE from this list:
| http://lists.meer.net/mailman/listinfo/analog-help
|
| Analog Documentation: http://analog.cx/docs/Readme.html
| List archives: http://www.analog.cx/docs/mailing.html#listarchives
| Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
+------------------------------------------------------------------------
