Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I run a search for both this and last week?

Skins
Path Finder
‎08-24-2017 04:37 PM

I have a search which i want to run over the last 7 days and compare the total from last week and the current number for this week.

my search if run over 7 days seems to only compare with the previous day.

index=wineventlog sourcetype="WinEventLog:Security" EventCode=4725 | timechart span=1d count AS "7 day disabled Accts"

gratzi

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-25-2017 01:16 AM

Hi Skins,
try using timechart command and bins option:

index=wineventlog sourcetype="WinEventLog:Security" EventCode=4725 earliest=-2w latest=now | timechart bins=2 count

Bye.
Giuseppe

Reply

s2_splunk
Splunk Employee
Splunk Employee
‎08-24-2017 05:20 PM

Start here

0 Karma
Reply

Skins
Path Finder
‎08-24-2017 08:44 PM

i tried adding timewrap 1week to the end of my search but that doesn't give me what i wanted either.

I'm looking for a single value which runs as a weekly scheduled report that gives me this weeks value and the previous weeks value underneath in the sparkline (or maybe a percentage)

gratzi

0 Karma
Reply

ColinCH
Path Finder
‎08-25-2017 01:33 AM

So if i understand you correctly, you want 2 numbers

Lastweek:
Thisweek:

you tried it with | timechart span=1w count as "Weekly" ? and run it ends of the week?

if you want "thisweek" splitted by days you can do a subsearch and append that one.

| append [ search "your query" earliest=-1w@w latest=@w| timechart span=1d count as "Daily"]

0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...