https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376071#M174071 <P>@ronniemakhombi,</P> <P>Try using the week number in the sorting</P> <PRE><CODE>your search|eval week_no=strftime( strptime(DATE,"%d/%m/%Y"),"%V")|sort week_no </CODE></PRE> Mon, 17 Dec 2018 09:50:57 GMT renjith_nair 2018-12-17T09:50:57Z https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376070#M174070 <P>I am new to Splunk. I am having a problem sorting my search results by week. I tried using the following dates as my earliest and latest dates as: </P> <PRE><CODE>| earliest="08/06/2018" latest="30/06/2018" </CODE></PRE> <P>The following is a snippet for my events. </P> <P>DATE,Number,Count,Amount<BR /> 08/06/2018,267774,1,5<BR /> 08/06/2018,267721,1,5<BR /> 30/06/2018,2677759,1,5</P> <P>Please help</P> Mon, 17 Dec 2018 09:32:33 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376070#M174070 ronniemakhombi 2018-12-17T09:32:33Z https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376071#M174071 <P>@ronniemakhombi,</P> <P>Try using the week number in the sorting</P> <PRE><CODE>your search|eval week_no=strftime( strptime(DATE,"%d/%m/%Y"),"%V")|sort week_no </CODE></PRE> Mon, 17 Dec 2018 09:50:57 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376071#M174071 renjith_nair 2018-12-17T09:50:57Z https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376072#M174072 <P>Hi <BR /> renjith, Kindly explain ( strptime(DATE,"%d/%m/%Y"),"%V"). i used it as | eval week_1=strftime( strptime(DATE,"08/06/2018"),"%V")</P> Mon, 17 Dec 2018 10:28:33 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376072#M174072 ronniemakhombi 2018-12-17T10:28:33Z https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376073#M174073 <P><CODE>strptime(DATE,"%d/%m/%Y")</CODE> converts your DATE to an epoch time. Lets assume the field as e<BR /> <CODE>strftime(e,"%V")</CODE> extracts the week number from that.</P> <P>So it can be splitted into two steps as well</P> <PRE><CODE>|eval time_in_epoch=strptime(DATE,"%d/%m/%Y") |eval week_1=strftime(time_in_epoch,"%V") </CODE></PRE> <P>Hope that helps</P> Mon, 17 Dec 2018 10:35:16 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376073#M174073 renjith_nair 2018-12-17T10:35:16Z https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376074#M174074 <P>It worked thanx! It grouped my search results into 4. For the future, using<BR /><BR /> |eval time_in_epoch=strptime(DATE,"%d/%m/%Y")<BR /> |eval week_1=strftime(time_in_epoch,"%V")</P> <P>How can I have the results displaying week 1, week 2, week 3 and week 4. </P> Tue, 29 Sep 2020 22:29:17 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376074#M174074 ronniemakhombi 2020-09-29T22:29:17Z https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376075#M174075 <P>Hows your output looks like now? Are there only 4 rows and the count is per week and sorted?</P> Mon, 17 Dec 2018 12:39:38 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376075#M174075 renjith_nair 2018-12-17T12:39:38Z https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376076#M174076 <P>Hi Renjith. The following is the output I received from </P> <P>|eval time_in_epoch=strptime(DATE,"%d/%m/%Y")<BR /> |eval week_1=strftime(time_in_epoch,"%V")</P> <P>I want to sort them as Week 1, Week 2, Week 3, Week 4</P> Tue, 29 Sep 2020 22:24:53 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376076#M174076 ronniemakhombi 2020-09-29T22:24:53Z https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376077#M174077 <P>There are 4 rows and the count. These rows are as 23, 24, 25, 26 (These are not sorted), however, the count is sorted. </P> Mon, 17 Dec 2018 14:16:04 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376077#M174077 ronniemakhombi 2018-12-17T14:16:04Z https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376078#M174078 <P>@ronniemakhombi,<BR /> Alright. <BR /> Try</P> <PRE><CODE>"your current search"|sort week_1|streamstats count as _rowno|eval week_1="Week"._rowno </CODE></PRE> Mon, 17 Dec 2018 14:24:22 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-sort-my-search-events-by-week/m-p/376078#M174078 renjith_nair 2018-12-17T14:24:22Z