Splunk Search

Can you help me to create a query with a timechart?

kingwaras
Engager

Hi all,

with the query below I have extracted the sum of overtime per day.

index="effort_tracker"
 | stats count by Day Hours Username
 | sort count 
 | stats sum(Hours) as Time by Day Username
 | where Time > 8
 | eval Overtime = Time-8
 | stats sum(Overtime) as Overtime By Day
 | sort -Day

Day ; Overtime
17/12/2018 ; 1
16/12/2018 ; 2
15/12/2018 ; 3

I need to create a timechart (Single Value chart) in order to view the difference between two dates provided by filters (the date format is "%Y-%m-%d").

I hope I have explained my problem well.
Thanks in advance.

1 Solution

kamlesh_vaghela
SplunkTrust

@kingwaras

Can you please try this?

YOUR_SEARCH | table Day Overtime | eval _time=strptime(Day,"%d/%m/%Y") | timechart values(Overtime) as Overtime

Thanks
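
The conversion from the answer combined with a date-range filter in the "%Y-%m-%d" format the question mentions, as an added example that is not part of the original posts. The three rows are constructed from the question's sample table, and `filter_from` / `filter_to` are hypothetical field names holding constructed dates that stand in for the dashboard filter values.

```spl
| makeresults count=3
| streamstats count as n
| eval Day=case(n==1,"17/12/2018", n==2,"16/12/2018", n==3,"15/12/2018")
| eval Overtime=case(n==1,1, n==2,2, n==3,3)
| eval filter_from="2018-12-16", filter_to="2018-12-17"
| eval _time=strptime(Day,"%d/%m/%Y")
| where _time>=strptime(filter_from,"%Y-%m-%d") AND _time<=strptime(filter_to,"%Y-%m-%d")
| timechart span=1d values(Overtime) as Overtime
```

With these constructed values the result has one row per day for 16 and 17 December 2018, with Overtime 2 and 1. A Single Value visualization over timechart output displays the most recent bucket and can show the trend against the preceding one.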
