Weekly Trend for a moth and Monthly trend for last...

pavithra · ‎05-17-2024

I want to show weekly data in a trend ,it should not add total

Right now using the below query, but it showing overall count of a week

| timechart span=1w@w7 sum(abc) by xyz

@splunk

ITWhisperer · ‎05-17-2024

By "weekly data" data, do you mean daily data for the week? If so, you need to timechart by day and set your time period to be the week

| timechart span=1d sum(abc) by xyz

pavithra · ‎05-20-2024

I want to show data for every monday on weekly basis

ITWhisperer · ‎05-20-2024

Try something like this

| timechart span=1d sum(abc) by xyz
| where strftime(_time,"%w") = 1

pavithra · ‎05-20-2024

Its throwing an error

ITWhisperer · ‎05-20-2024

Sometimes Splunk is forgiving when it comes to data types, sometimes it isn't - this is one of those!

| timechart span=1d sum(abc) by xyz
| where strftime(_time,"%w") = "1"

pavithra · ‎05-20-2024

still its not working

ITWhisperer · ‎05-20-2024

Please share the failing SPL

pavithra · ‎05-20-2024

Thanks for your response!
I got the query

I index
| timechart span=1d sum(abc) as total by xyz
| eval day=lower(strftime(_time,"%A"))
| where day=="monday"
| fields - day

ITWhisperer · ‎05-21-2024

Interesting that you didn't do exactly as I suggested, but this should also work. What exactly is not working?

Weekly Trend for a moth and Monthly trend for last 6 months

single value

timechart

Can’t make it to .conf25? Join us online!

What Is Splunk? Here’s What You Can Do with Splunk

Level Up Your .conf25: Splunk Arcade Comes to Boston

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Are you a member of the Splunk Community?