Filtering a weekly timewrap timechart by a specific time window each day.

jbrenner — Wed, 20 Mar 2024 21:03:20 GMT

I have the following query that gives me week-over-week comparisons for the past month:

index="myIndex" earliest=-1mon "my query" | timechart count as Visits | timewrap w

I have added dropdowns to my dashboard to filter this data by a user-selected time window for every day in the one month range. The four dropdowns correspond to the start hour, start minute, end hour, and end minute of the time window in military time. For example, to filter the data by 6:30 AM - 1:21 PM each day, the tokens would have the following values:

$start_hour_token$: '6' $start_minute_token$: '30' $end_hour_token$: '13' $end_minute_token$: '21'

How would I modify the original query to make ths work?

Thanks! Jonathan

Re: Filtering a weekly timewrap timechart by a specific time window each day.

bowesmana — Wed, 20 Mar 2024 22:53:03 GMT

Do you have the date_* fields in your data?

If so, you can do this

search... earliest=-1mon (date_hour>=$start_hour_token$ date_minute>=$start_minute_token$) (date_hour<$end_hour_token$ OR (date_hour=$end_hour_token$ date_minute<$end_minute_token$)))

If you don't have those fields extracted, then you will have to do an eval statement to create the date_hour and date_minute fields and then do a where clause to do the same comparison as above.

topic Re: Filtering a weekly timewrap timechart by a specific time window each day. in Splunk Search

Filtering a weekly timewrap timechart by a specific time window each day.

Re: Filtering a weekly timewrap timechart by a specific time window each day.