Dashboards & Visualizations

Display 2 weeks data based on End_date column

harsush
Path Finder

Hi Team,

Need your help

| inputlookup yar_list | table Name End_date Ticket hostname | sort End_date

I want to display only records which fall under the current week and next week (2 weeks of data) based on the End_date column.

Can you please help with this?

Thanks
HR

0 Karma

renjith_nair
SplunkTrust

Hi @harsush,

Try

| inputlookup yar_list | table Name End_date Ticket hostname | eval End_date=strptime(End_date,"%Y/%m/%d %H:%M:%S") | sort End_date | where End_date >= relative_time(now(), "-2w@w")

Happy Splunking!
0 Karma

harsush
Path Finder

Sorry, actually I tried this, but the problem is End_date is not a Splunk field,

| inputlookup yar_list | eval Format_Date=strptime(End_date,"%m/%d/%Y %H:%M:%S.%3N") | table Name Format_Date End_date Ticket hostname | sort End_date

Format_Date displays empty. I think we should convert this field?

0 Karma

renjith_nair
SplunkTrust

Hi @harsush,

Alright. Updated the answer with conversion also. Try and let me know.

Happy Splunking!
0 Karma

harsush
Path Finder

For some reason it's displaying all dates.
If I am running the search today, it should show only records from this week and next week.

Can you please help with this?

0 Karma

renjith_nair
SplunkTrust

By mentioning next week, hope you meant previous week. Can you just print Format_Date and relative_time(now(), "-2w@w") and paste the result for a few rows, or just manually compare one or two rows to see if it works?

Happy Splunking!
0 Karma

harsush
Path Finder

Sample data

End_date Ticket hostname
2018/06/12 23:59:59 INC00001 xyz.com

0 Karma
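
An added example, not part of any post in this thread: one way to keep only rows whose End_date falls in the current week or the next week, using the `%Y/%m/%d %H:%M:%S` format shown in the sample data. The rows are constructed with `makeresults` (the fields `n`, `day_offset`, `note`, `end_epoch`, `window_start` and `window_end` are hypothetical helper names), and `@w` is assumed to snap to Sunday, Splunk's default week start.

```spl
| makeresults count=4
| streamstats count AS n
| eval note="constructed sample row, not from yar_list"
| eval day_offset=case(n=1, -14, n=2, 0, n=3, 7, n=4, 21)
| eval End_date=strftime(now() + day_offset*86400, "%Y/%m/%d %H:%M:%S")
| eval Ticket="INC0000".n, hostname="xyz.com"
| eval end_epoch=strptime(End_date, "%Y/%m/%d %H:%M:%S")
| eval window_start=relative_time(now(), "@w"), window_end=relative_time(now(), "+2w@w")
| where end_epoch >= window_start AND end_epoch < window_end
| sort 0 end_epoch
| table End_date Ticket hostname note
```

Only the rows built with offsets 0 and 7 days survive the `where` clause; the rows 14 days in the past and 21 days in the future fall outside the window. Against the real lookup, the first six lines would be replaced by `| inputlookup yar_list`, and a `strptime` format that does not match the stored string returns null, which is why a mismatched format leaves the converted field empty.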