All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Comparing Multiple Years of Max Values

israelgutierrez
Path Finder
‎06-28-2014 04:21 PM

Hi

I have a dataset with Time, by Day-Month-Year and a Integer value per day, something like this

_time mxo
30-01-2010 6
30-01-2011 8
30-01-2012 3
30-01-2013 5
30-01-2014 9

I want to make some timechart comparing by month over the years, like comparing 2 or more years of maximum number

My first approach was using Timewrap with something like this

host="smo*" earliest=-12m@y latest=-1m@m |timechart span=1Month max(mxo) | timewrap y

But seems out of range or something wrong
External search command 'timewrap' returned error code 255. Script output = "ERROR "'timeunit' argument required, such as d, w, 2m, q, y" "

Maybe someone have a better and working solution,

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎07-01-2014 07:09 AM

I tried similar thing and the timewrap is somehow not accepting "y" as an option. Though "timewrap 12mon" works. Try following

host="smo*" earliest=-3y@y latest=+y@y  |timechart span=1mon max(mxo) | timewrap 12month

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎07-01-2014 07:09 AM

I tried similar thing and the timewrap is somehow not accepting "y" as an option. Though "timewrap 12mon" works. Try following

host="smo*" earliest=-3y@y latest=+y@y  |timechart span=1mon max(mxo) | timewrap 12month
Reply
Solved! Jump to solution

israelgutierrez
Path Finder
‎07-01-2014 11:39 AM

Thank you thats work

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎06-28-2014 09:29 PM

Note, -12m moves you back twelve minutes, not twelve months... you're probably looking for -12mon.

Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...