Dashboards & Visualizations

showing results by yearly quarter

aadye
Explorer

I'm very new to Splunk.

I have a requirement to display reports based on a last modified date, so in theory I would have a drop down for (Q1, Q2, Q3, Q4) and another for the years (2001, 2002, 2003...) My dates are stored in Month/Day/Year format.

Could somebody suggest the best way for me to go about this?

TIA

yannK
Splunk Employee

You can specify a specific timerange for your searches, but in your case you probably want to display results per quarter all together on the same panel.

So another solution is to define a field for your range, based on the timestamp
(check date_month, date_day, date_year; unfortunately the date_month is text, so it may be easier to extract it as a number).

Example, if your quarter is per month:

mysearch | convert TIMEFORMAT="%m" ctime(_time) AS month | eval quarter=date_year."-".case(month<=3,"Q1",month<=6,"Q2",month<=9,"Q3",month<=12,"Q4",1=1,"missing") | stats count by quarter | sort -quarter

aadye
Explorer

I search and pass the time field piping that into your suggestion...
As an example I see results like below:
quarter | time
2011-Q3 | 8/19/2012 11:57:54 PM
2013-Q1 | 10/14/2005 6:22:37 PM

0 Karma

yannK
Splunk Employee

Strange, verify that the timestamp detected by Splunk matches your timestamp in the event.

0 Karma

aadye
Explorer

Thanks for your reply. It appears to group all of my data into yyyy-Qx nicely, but I'm confused as to what is in the groups; for example, in group Q1-2007 I see "2/12/2008 00:01:02". Do I need to tweak it for the format somehow?

TIA

0 Karma
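
An added example, not from any post in this thread: when the date to report on is stored in its own field rather than in `_time`, the quarter can be computed from that field directly. The field name `last_modified` is an assumption, and the two time formats are taken from the sample values quoted in the thread (with and without AM/PM); values that match neither are counted as "missing".

```spl
mysearch
| eval modified_epoch=coalesce(strptime(last_modified, "%m/%d/%Y %I:%M:%S %p"), strptime(last_modified, "%m/%d/%Y %H:%M:%S"))
| eval year=strftime(modified_epoch, "%Y"), month=tonumber(strftime(modified_epoch, "%m"))
| eval quarter=if(isnull(modified_epoch), "missing", year."-Q".tostring(ceiling(month/3)))
| stats count by quarter
| sort - quarter
```

To drive this from two drop-downs, filter on `quarter` before the `stats`, for example `| search quarter="$year_tok$-$quarter_tok$"`, where the token names are hypothetical dashboard input tokens.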