Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Help with timewrap Command

Shashank_87
Explorer
‎11-14-2019 09:07 AM

Hi, I am trying to show a comparison of traffic on my website for today, yesterday and last week. I am using below query for getting the results. My query is if i put that into a chart then on x-axis, i get time field which shows time for last 24 hours. So what does it mean exactly?
I mean does it show the 7 days before on this time, this was the traffic? I am not able to get the _time field understanding here.
Can someone help?

index=web_prod sourcetype=access_combined req_content="/" earliest=-8d@d latest=now
| timechart count span=1h
| timewrap d
| table _time 1day_before 7days_before latest_day

0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎06-28-2020 09:19 PM

The timewrap normalises all the time series on to the same time window, i.e. in your case the last 24 hours. It will create a new series for each of the days going back in time in your search time range

I think your field names are not quite right

| table _time 1day_before 7days_before latest_day

Missing '_' character in fields 

Reply

Jegan
Engager
‎06-28-2020 09:10 PM

This would work

index=webprod sourcetype=accesscombined reqcontent="/" | timechart count span=1h | timewrap d | table _time, _span, 1daybefore, 7daysbefore, latestday

0 Karma
Reply

Jegan
Engager
‎06-28-2020 08:15 PM

Got answer for the above?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...