Solved: Can I get today's weekday in splunk search?

hqw · ‎09-08-2015

hi all,

May i know if there is a function to get the system current weekday ?

for example, the system time ="2015-09-09 10:00:00" but what i want is wednesday,because i just want to show those results. my thing command: where weekday= relative_time(now(),"%A"), but it is not working, currently i just use where weekday="@w3" in command, but till tomorrow, i need change it to Thursday manually. that is why i want to get the system current weekday, so it can change automatically.

Please kindly help this, thanks

Best Regards

MuS · ‎09-08-2015

Hi hqw,

you can get the current day and use it in your search like this:

index=_internal | eval weekday=strftime(now(),"%A") | stats count by weekday

or like this:

index=_internal earliest=0 | eval weekday=strftime(now(),"%A") | eval weekday=lower(weekday) | where date_wday=weekday | stats count by weekday

Hope this helps ...

cheers, MuS

View solution in original post

landen99 · ‎07-01-2020

| makeresults
| eval weekday=strftime(_time,"%A")
| table weekday

MuS · ‎09-08-2015

Hi hqw,

you can get the current day and use it in your search like this:

index=_internal | eval weekday=strftime(now(),"%A") | stats count by weekday

or like this:

index=_internal earliest=0 | eval weekday=strftime(now(),"%A") | eval weekday=lower(weekday) | where date_wday=weekday | stats count by weekday

Hope this helps ...

cheers, MuS

hqw · ‎09-12-2015

Hi Mus,

The second one is really helpful for my question, thanks very much.

Best regards
Hqw

Can I get today's weekday in splunk search?

Introducing Splunk Enterprise Security 8.0!

Mastering Threat Hunting

Upcoming Community Maintenance: 10/28