Dashboards & Visualizations

Display 2 weeks data based on end data column

harsush
Path Finder

Hi Team,

Need your help

| inputlookup yar_list | table Name End_date Ticket hostname | sort End_date

I want to display only records which falls under current week & Next week ( 2 weeks data ) based on End_data column.

Can you pls help on this.

Thanks
HR

Tags (1)
0 Karma

renjith_nair
SplunkTrust
SplunkTrust

Hi @harsush,

Try

| inputlookup yar_list | table Name End_date Ticket hostname|eval End_date=strptime(End_date,"%Y/%m/%d %H:%M:%S") | sort End_date|where End_date >= relative_time(now(), "-2w@w")
Happy Splunking!
0 Karma

harsush
Path Finder

Sorry actually i tried this - But the problem is End_date is not splunk field,

| inputlookup yar_list | eval Format_Date=strptime(End_date,"%m/%d/%Y %H:%M:%S.%3N") | table Name Format_Date End_date Ticket hostname | sort End_date

Format_Date displays empty/ I think we should convert this field ?

0 Karma

renjith_nair
SplunkTrust
SplunkTrust

Hi @harsush,

Alright. Updated the answer with conversion also. Try and let me know

Happy Splunking!
0 Karma

harsush
Path Finder

for some reason its displaying all dates.
If iam running search today it should show only records form this week & Next week.

Can you pls help on this

0 Karma

renjith_nair
SplunkTrust
SplunkTrust

By mentioning next week, hope you meant previous week. Can you just print Format_Date and relative_time(now(), "-2w@w") and paste the result for few rows or just manually compare one or two rows to see if it works

Happy Splunking!
0 Karma

harsush
Path Finder

Sample data

End_date Ticket hostname
2018/06/12 23:59:59 INC00001 xyz.com

0 Karma
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...