Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Help with timewrap Command

Shashank_87
Explorer
‎11-14-2019 09:07 AM

Hi, I am trying to show a comparison of traffic on my website for today, yesterday and last week. I am using below query for getting the results. My query is if i put that into a chart then on x-axis, i get time field which shows time for last 24 hours. So what does it mean exactly?
I mean does it show the 7 days before on this time, this was the traffic? I am not able to get the _time field understanding here.
Can someone help?

index=web_prod sourcetype=access_combined req_content="/" earliest=-8d@d latest=now
| timechart count span=1h
| timewrap d
| table _time 1day_before 7days_before latest_day

0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎06-28-2020 09:19 PM

The timewrap normalises all the time series on to the same time window, i.e. in your case the last 24 hours. It will create a new series for each of the days going back in time in your search time range

I think your field names are not quite right

| table _time 1day_before 7days_before latest_day

Missing '_' character in fields 

Reply

Jegan
Engager
‎06-28-2020 09:10 PM

This would work

index=webprod sourcetype=accesscombined reqcontent="/" | timechart count span=1h | timewrap d | table _time, _span, 1daybefore, 7daysbefore, latestday

0 Karma
Reply

Jegan
Engager
‎06-28-2020 08:15 PM

Got answer for the above?

0 Karma
Reply
Get Updates on the Splunk Community!

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...