Re: Display 2 weeks data based on end data column

harsush · ‎06-15-2018

Hi Team,

Need your help

| inputlookup yar_list | table Name End_date Ticket hostname | sort End_date

I want to display only records which falls under current week & Next week ( 2 weeks data ) based on End_data column.

Can you pls help on this.

Thanks
HR

renjith_nair · ‎06-15-2018

Hi @harsush,

Try

| inputlookup yar_list | table Name End_date Ticket hostname|eval End_date=strptime(End_date,"%Y/%m/%d %H:%M:%S") | sort End_date|where End_date >= relative_time(now(), "-2w@w")

---
What goes around comes around. If it helps, hit it with Karma 🙂

harsush · ‎06-16-2018

Sorry actually i tried this - But the problem is End_date is not splunk field,

| inputlookup yar_list | eval Format_Date=strptime(End_date,"%m/%d/%Y %H:%M:%S.%3N") | table Name Format_Date End_date Ticket hostname | sort End_date

Format_Date displays empty/ I think we should convert this field ?

renjith_nair · ‎06-16-2018

Hi @harsush,

Alright. Updated the answer with conversion also. Try and let me know

---
What goes around comes around. If it helps, hit it with Karma 🙂

harsush · ‎06-17-2018

for some reason its displaying all dates.
If iam running search today it should show only records form this week & Next week.

Can you pls help on this

renjith_nair · ‎06-18-2018

By mentioning next week, hope you meant previous week. Can you just print Format_Date and relative_time(now(), "-2w@w") and paste the result for few rows or just manually compare one or two rows to see if it works

---
What goes around comes around. If it helps, hit it with Karma 🙂

harsush · ‎06-15-2018

Sample data

End_date Ticket hostname
2018/06/12 23:59:59 INC00001 xyz.com

Display 2 weeks data based on end data column

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!