Solved: Can I get today's weekday in splunk search?

hqw · ‎09-08-2015

hi all,

May i know if there is a function to get the system current weekday ?

for example, the system time ="2015-09-09 10:00:00" but what i want is wednesday,because i just want to show those results. my thing command: where weekday= relative_time(now(),"%A"), but it is not working, currently i just use where weekday="@w3" in command, but till tomorrow, i need change it to Thursday manually. that is why i want to get the system current weekday, so it can change automatically.

Please kindly help this, thanks

Best Regards

MuS · ‎09-08-2015

Hi hqw,

you can get the current day and use it in your search like this:

index=_internal | eval weekday=strftime(now(),"%A") | stats count by weekday

or like this:

index=_internal earliest=0 | eval weekday=strftime(now(),"%A") | eval weekday=lower(weekday) | where date_wday=weekday | stats count by weekday

Hope this helps ...

cheers, MuS

View solution in original post

landen99 · ‎07-01-2020

| makeresults
| eval weekday=strftime(_time,"%A")
| table weekday

MuS · ‎09-08-2015

Hi hqw,

you can get the current day and use it in your search like this:

index=_internal | eval weekday=strftime(now(),"%A") | stats count by weekday

or like this:

index=_internal earliest=0 | eval weekday=strftime(now(),"%A") | eval weekday=lower(weekday) | where date_wday=weekday | stats count by weekday

Hope this helps ...

cheers, MuS

hqw · ‎09-12-2015

Hi Mus,

The second one is really helpful for my question, thanks very much.

Best regards
Hqw

Can I get today's weekday in splunk search?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!