Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Accounting for weekends and holidays

AlexeyPy
Engager
‎05-10-2017 06:45 AM

I'm trying to come up with a method of accounting for weekends and holidays. Tell me, how should I implement this algorithm?
Real case: we need to catch response on the application after 2 working days subject to weekends and holidays.

There is the idea to implement it with a lookup, however, will have to manually affix the holidays every year. I would like to automate this process completely.

Tags (2)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-10-2017 07:14 AM

Hi AlexeyPy,
for week-ends you can add to your searches

date_wday="sunday" OR date_wday="saturday"

instead to manage holydays the only way is to create a lookup containing holyday dates and use it to filter your searches.

your_search (date_wday="sunday" OR date_wday="saturday" OR [ | inputlookup holydays.csv | fields date ] )

putting attention on the date format that must be the same for _time and your lookup.

Bye.
Giuseppe

Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...