Reporting

Exclude Saturday and Sunday from monthly repirt

priya0709
Path Finder

I wanted to update my query to exclude Saturday and Sunday from attached query which is running for last 30 days

Please suggest

Query searches for host which generated event code 52 in last 30 days

Labels (1)
0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust
--- your query
| eval dotw=tonumber(strftime(_time,"%w"))
| where dotw > 0 AND dotw < 6

View solution in original post

gcusello
SplunkTrust
SplunkTrust

Hi @priya0709,

you could also add to your main search:

your_main_search NOT (date_wday="saturday" OR date_wday="sunday")
| ...

Ciao.

Giuseppe 

mark_groenveld
Path Finder

I tried this and it still showed results for a stats or timechart output.

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust
--- your query
| eval dotw=tonumber(strftime(_time,"%w"))
| where dotw > 0 AND dotw < 6
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...