Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Display 2 weeks data based on end data column

harsush
Path Finder
‎06-15-2018 08:20 PM

Hi Team,

Need your help

| inputlookup yar_list | table Name End_date Ticket hostname | sort End_date

I want to display only records which falls under current week & Next week ( 2 weeks data ) based on End_data column.

Can you pls help on this.

Thanks
HR

Tags (1)
0 Karma
Reply

renjith_nair
Legend
‎06-15-2018 09:29 PM

Hi @harsush,

Try

| inputlookup yar_list | table Name End_date Ticket hostname|eval End_date=strptime(End_date,"%Y/%m/%d %H:%M:%S") | sort End_date|where End_date >= relative_time(now(), "-2w@w")
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply

harsush
Path Finder
‎06-16-2018 01:10 AM

Sorry actually i tried this - But the problem is End_date is not splunk field,

| inputlookup yar_list | eval Format_Date=strptime(End_date,"%m/%d/%Y %H:%M:%S.%3N") | table Name Format_Date End_date Ticket hostname | sort End_date

Format_Date displays empty/ I think we should convert this field ?

0 Karma
Reply

renjith_nair
Legend
‎06-16-2018 02:14 AM

Hi @harsush,

Alright. Updated the answer with conversion also. Try and let me know

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply

harsush
Path Finder
‎06-17-2018 10:36 PM

for some reason its displaying all dates.
If iam running search today it should show only records form this week & Next week.

Can you pls help on this

0 Karma
Reply

renjith_nair
Legend
‎06-18-2018 08:05 AM

By mentioning next week, hope you meant previous week. Can you just print Format_Date and relative_time(now(), "-2w@w") and paste the result for few rows or just manually compare one or two rows to see if it works

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply

harsush
Path Finder
‎06-15-2018 08:37 PM

Sample data

End_date Ticket hostname
2018/06/12 23:59:59 INC00001 xyz.com

0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...