https://community.splunk.com/t5/Splunk-Search/Group-my-data-per-week/m-p/353976#M104765 <P>Hello! <BR /> Try this run anywhere command</P> <PRE><CODE>| makeresults | eval opened_at = "9/01/2018 12:23:35" | eval created_at=strptime(opened_at,"%d/%m/%Y %H:%M:%S") | eval Month=strftime(created_at,"%b/%Y") | eval date_month=strftime(created_at,"%m") | eval date_year=strftime(created_at,"%Y") | eval epoch = strptime(opened_at,"%d/%m/%Y %H:%M:%S") | eval week=strftime(created_at, "%w") | eval diff = (now() - epoch)/60 | where diff &lt; 131400 | stats count(eval(u_service_req="true")) as "Number of SRs", count(eval(u_service_req!="true")) as "No. of Incidents", count(ticket_number) as "Total" by week Month date_month date_year | sort+ date_year date_month | fields- date_year date_month </CODE></PRE> <P>Hope this helps!</P> Thu, 15 Mar 2018 05:38:09 GMT bangalorep 2018-03-15T05:38:09Z https://community.splunk.com/t5/Splunk-Search/Group-my-data-per-week/m-p/353974#M104763 <P>Hi All,</P> <P>I am currently having trouble in grouping my data per week. My search is currently configured to be in a relative time range (3 months ago), connected to service now and the date that I use is on the field opened_at. Only data that has a date in its opened_at within 3 months ago should only be fetched. I had successfully grouped them by month and year but I am having trouble in grouping them per week. Is it possible to group them by week? Please see details below. Thank you.</P> <P>Current setup of the table.<BR /> Month No. of SRs No. of INCs Total<BR /> Dec/2017 172 99 271<BR /><BR /> Jan/2018 543 243 788<BR /><BR /> Feb/2018 439 213 654<BR /><BR /> Mar/2018 160 105 265 </P> <P>My current query:<BR /> ...search|<BR /> | eval created_at=strptime(opened_at,"%d/%m/%Y %H:%M:%S") <BR /> | eval Month=strftime(created_at,"%b/%Y") <BR /> | eval date_month=strftime(created_at,"%m") <BR /> | eval date_year=strftime(created_at,"%Y") <BR /> | eval epoch = strptime(opened_at,"%d/%m/%Y %H:%M:%S") <BR /> | eval diff = (now() - epoch)/60 <BR /> | where diff &lt; 131400 <BR /> | stats count(eval(u_service_req="true")) as "Number of SRs", count(eval(u_service_req!="true")) as "No. of Incidents", count(ticket_number) as "Total" by Month date_month date_year <BR /> | sort+ date_year date_month | fields- date_year date_month</P> Tue, 29 Sep 2020 18:29:52 GMT https://community.splunk.com/t5/Splunk-Search/Group-my-data-per-week/m-p/353974#M104763 NicoloPunzalan2 2020-09-29T18:29:52Z https://community.splunk.com/t5/Splunk-Search/Group-my-data-per-week/m-p/353975#M104764 <P>Can you try something like:</P> <PRE><CODE>| eval week=strftime(created_at, "%Y-%U") </CODE></PRE> <P>And then also group by week.</P> Thu, 15 Mar 2018 05:25:35 GMT https://community.splunk.com/t5/Splunk-Search/Group-my-data-per-week/m-p/353975#M104764 p_gurav 2018-03-15T05:25:35Z https://community.splunk.com/t5/Splunk-Search/Group-my-data-per-week/m-p/353976#M104765 <P>Hello! <BR /> Try this run anywhere command</P> <PRE><CODE>| makeresults | eval opened_at = "9/01/2018 12:23:35" | eval created_at=strptime(opened_at,"%d/%m/%Y %H:%M:%S") | eval Month=strftime(created_at,"%b/%Y") | eval date_month=strftime(created_at,"%m") | eval date_year=strftime(created_at,"%Y") | eval epoch = strptime(opened_at,"%d/%m/%Y %H:%M:%S") | eval week=strftime(created_at, "%w") | eval diff = (now() - epoch)/60 | where diff &lt; 131400 | stats count(eval(u_service_req="true")) as "Number of SRs", count(eval(u_service_req!="true")) as "No. of Incidents", count(ticket_number) as "Total" by week Month date_month date_year | sort+ date_year date_month | fields- date_year date_month </CODE></PRE> <P>Hope this helps!</P> Thu, 15 Mar 2018 05:38:09 GMT https://community.splunk.com/t5/Splunk-Search/Group-my-data-per-week/m-p/353976#M104765 bangalorep 2018-03-15T05:38:09Z