Hello,

I've been trying a few different ways, with no luck, to represent some server counts that I see happening on Thursday, Friday, Saturday, Sunday, Monday(sometimes).

Unfortunately, it seems like I can't do this count "per week" as we need to count per the last "scan time" which will start thursday and end on the latest Monday.

I started looking into my possible options, and think I have half an idea of how to accomplish it, but if there's better ideas then that would be awesome as well.

Is it possible to do a sum based on "grouped days") Thurs+Fri+Sat+Sun+Mon, or dayofweek 4,5,6,0,1?  The main thing I can't get over is how to differentiate the "grouped days"?  We like to evaluate based on the "current week" of the year, but this would bring our "grouped days" to persisting through multiple "current weeks" of the year (this is variable 'weekofyear').

Essentially, I need to count weekofyear where the output would be like:

I haven't really gotten any further than just evaluating date commands to evaluate my options.  Other than that, I just have a line chart indicating a day of week over the counts... It's not very pretty.

index blah sourcetype blah search blah 
```what i have been looking at so far...```
| rename server_id as "Server_Responses"
```at this point I was just looking at the possibilities to count by an aggregated "day of week in number" or by "dayofweek(short|full)", and real all possibilities```
| eval dayofweekshort=strftime(_time,"%a")
| timechart count(ping.status) as pingstats, dc("Server_Responses") by Department span=1w@1w
```Start evaluating possible days, weeks, months, current weeks, etc```
| eval dayofweekshort=strftime(_time,"%a") | eval dayofweekfull=strftime(_time,"%A") | eval dayofweekasnumber=strftime(_time,"%w")
| eval dayofmonth=strftime(_time,"%d")
| eval weekofmonth=floor(dayofmonth/7)+1
| eval weekofyear=strftime(_time,"%U")
| fields - day