Dashboards & Visualizations

Add previous week to line chart for comparison

davidsplunk123
New Member

I have this below search and would like to add another line to include the week previous showing how it compares with the last 7 days.

index=summary report=otl_engineering_jiracsatresults Key="**" Assignee="**" Classification="**"
| dedup Key 
| eval dateEpoch = strptime(Date, "%Y-%m-%d %H:%M") 
| eval today = now() 
| eval daysAgo = round(((today - dateEpoch)/60/60/24), 0) 
| rex field=Date "(?<day>^\d{4}-\d{2}-\d{2}) \d{2}:\d{2}$"
| table Key, Summary, Reporter, Assignee, Classification, "CSAT Rate", "CSAT Rating Comment", Date, daysAgo, day
|  search daysAgo <= 7 
| stats avg("CSAT Rate") as AverageCustomerRating by day

alt text

Tags (1)
0 Karma

cmerriman
Super Champion

what version of Splunk are you using? newer versions of Splunk (6.5+, I believe) have a command called timewrap

https://docs.splunk.com/Documentation/Splunk/6.6.0/SearchReference/Timewrap

if you do something ilke:

index=summary report=otl_engineering_jiracsatresults Key="**" Assignee="**" Classification="**"
 | dedup Key 
 | eval dateEpoch = strptime(Date, "%Y-%m-%d %H:%M") 
 | eval today = now() 
 | eval daysAgo = round(((today - dateEpoch)/60/60/24), 0) 
 | rex field=Date "(?<day>^\d{4}-\d{2}-\d{2}) \d{2}:\d{2}$"
 | table Key, Summary, Reporter, Assignee, Classification, "CSAT Rate", "CSAT Rating Comment", Date, daysAgo, day dateEpoch
 | eval _time=dateEpoch
 |  search daysAgo <= 14 
 | timechart span=1d avg("CSAT Rate") as AverageCustomerRating 
 | timewrap 1week

there is also a timewrap app, if you're on an older version of splunk https://splunkbase.splunk.com/app/1645/

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...