https://community.splunk.com/t5/Dashboards-Visualizations/How-to-execute-a-search-for-each-day-within-a-range/m-p/547064#M37610 <P>Currently the search gives a single row of data for whatever length of time I select. I want it to give a row for every day in the length of time I select so I can do some analysis with the numbers.&nbsp;</P><P>I tried the timechart recommendation, and get the following errors:</P><DIV class="alerts search-searchflashmessages"><DIV class="alert alert-error">Error in 'timechart' command: You must specify data field(s) to chart.<DIV class="job-status-container"><DIV class="shared-jobstatus"><DIV class="alert alert-error">The search job has failed due to an error. You may be able view the job in the<SPAN>&nbsp;</SPAN></DIV></DIV></DIV></DIV></DIV> Wed, 07 Apr 2021 15:54:03 GMT frostyflamez 2021-04-07T15:54:03Z https://community.splunk.com/t5/Dashboards-Visualizations/How-to-execute-a-search-for-each-day-within-a-range/m-p/547044#M37605 <P>Here is the search I'm running:</P><P>index=cdb_summary source=CDM_*_Daily_Summary fismaid=* sourcetype=swam_summary OR sourcetype=hwam_summary<BR />| stats sum(TotalManaged) as TotalApplicable,count(eval(AutoFail=="False")) as GoodAssets , sum(NotScanned) as NotScanned,values(FailedCPE) as FailedCPEs, count(FailedCPE) as FailedCPE<BR />| eval SWAM_Score=round((TotalApplicable-NotScanned-FailedCPE)/TotalApplicable*100)</P><P>&nbsp;</P><P>I'd like to get results from each day within a given timeframe to use for the ML Toolkit.&nbsp; I've tried timewrap, but it returns no results. How can I get a search to run this query for each day in a given timeframe?</P> Wed, 07 Apr 2021 14:24:41 GMT https://community.splunk.com/t5/Dashboards-Visualizations/How-to-execute-a-search-for-each-day-within-a-range/m-p/547044#M37605 frostyflamez 2021-04-07T14:24:41Z https://community.splunk.com/t5/Dashboards-Visualizations/How-to-execute-a-search-for-each-day-within-a-range/m-p/547048#M37607 <LI-CODE lang="markup">index=cdb_summary source=CDM_*_Daily_Summary fismaid=* sourcetype=swam_summary OR sourcetype=hwam_summary | bin span=1d _time | stats sum(TotalManaged) as TotalApplicable,count(eval(AutoFail=="False")) as GoodAssets , sum(NotScanned) as NotScanned,values(FailedCPE) as FailedCPEs, count(FailedCPE) as FailedCPE by _time | eval SWAM_Score=round((TotalApplicable-NotScanned-FailedCPE)/TotalApplicable*100)</LI-CODE> Wed, 07 Apr 2021 14:29:18 GMT https://community.splunk.com/t5/Dashboards-Visualizations/How-to-execute-a-search-for-each-day-within-a-range/m-p/547048#M37607 ITWhisperer 2021-04-07T14:29:18Z https://community.splunk.com/t5/Dashboards-Visualizations/How-to-execute-a-search-for-each-day-within-a-range/m-p/547059#M37609 <P>I am not sure if I understand your question right but if you want to have the results for just a timeframe of some days for example every day from 05:00 to 23:00 you can add somethin like that:</P><P>......| eval eventHour=strftime(_time,"%H") | search eventHour&gt;5 AND eventHour&lt;23<BR /><BR />for whole days i would use:</P><P>| timchart span=%%</P><P>with the span you want to compare.</P> Wed, 07 Apr 2021 15:19:54 GMT https://community.splunk.com/t5/Dashboards-Visualizations/How-to-execute-a-search-for-each-day-within-a-range/m-p/547059#M37609 RetailOperation 2021-04-07T15:19:54Z https://community.splunk.com/t5/Dashboards-Visualizations/How-to-execute-a-search-for-each-day-within-a-range/m-p/547064#M37610 <P>Currently the search gives a single row of data for whatever length of time I select. I want it to give a row for every day in the length of time I select so I can do some analysis with the numbers.&nbsp;</P><P>I tried the timechart recommendation, and get the following errors:</P><DIV class="alerts search-searchflashmessages"><DIV class="alert alert-error">Error in 'timechart' command: You must specify data field(s) to chart.<DIV class="job-status-container"><DIV class="shared-jobstatus"><DIV class="alert alert-error">The search job has failed due to an error. You may be able view the job in the<SPAN>&nbsp;</SPAN></DIV></DIV></DIV></DIV></DIV> Wed, 07 Apr 2021 15:54:03 GMT https://community.splunk.com/t5/Dashboards-Visualizations/How-to-execute-a-search-for-each-day-within-a-range/m-p/547064#M37610 frostyflamez 2021-04-07T15:54:03Z