Solved: Re: How to show data for second week of tuesday ev...

pavithra · ‎05-26-2024

emdaax · ‎05-27-2024

Hi @pavithra

you could try with the ceiling function: ceiling or ceil

example:

| eval day_of_month=strftime(_time, "%d")
| eval day_of_week=strftime(_time, "%A")
| eval week_of_month=ceil(day_of_month/7)
| where day_of_week="Tuesday" AND week_of_month=2

best regards,

View solution in original post

emdaax · ‎05-27-2024

Hi @pavithra

you could try with the ceiling function: ceiling or ceil

example:

| eval day_of_month=strftime(_time, "%d")
| eval day_of_week=strftime(_time, "%A")
| eval week_of_month=ceil(day_of_month/7)
| where day_of_week="Tuesday" AND week_of_month=2

best regards,

pavithra · ‎05-27-2024

Thanks!! Its working

gcusello · ‎05-27-2024

Hi @pavithra ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

emdaax · ‎05-27-2024

Great, I'm glad to hear that this solution was helpful for your use case 👍
happy splunking and best regards ; )

P.S.: Karma Points are always appreciated 😉

gcusello · ‎05-26-2024

Hi @pavithra

at first it isn't so clear with timeframe you want to display, but this is inside your search, so if it's the previous month, you could run something like this:

<your_search> earliest=-mon@mon latest=@mon
| stats count BY key

and schedule your search using this cron:

0 0 8-15 * 3

Ciao.

Giuseppe

How to show data for second week of tuesday every month

chart

timechart

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)