Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Help with timewrap Command

Shashank_87
Explorer
‎11-14-2019 09:07 AM

Hi, I am trying to show a comparison of traffic on my website for today, yesterday and last week. I am using below query for getting the results. My query is if i put that into a chart then on x-axis, i get time field which shows time for last 24 hours. So what does it mean exactly?
I mean does it show the 7 days before on this time, this was the traffic? I am not able to get the _time field understanding here.
Can someone help?

index=web_prod sourcetype=access_combined req_content="/" earliest=-8d@d latest=now
| timechart count span=1h
| timewrap d
| table _time 1day_before 7days_before latest_day

0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎06-28-2020 09:19 PM

The timewrap normalises all the time series on to the same time window, i.e. in your case the last 24 hours. It will create a new series for each of the days going back in time in your search time range

I think your field names are not quite right

| table _time 1day_before 7days_before latest_day

Missing '_' character in fields 

Reply

Jegan
Engager
‎06-28-2020 09:10 PM

This would work

index=webprod sourcetype=accesscombined reqcontent="/" | timechart count span=1h | timewrap d | table _time, _span, 1daybefore, 7daysbefore, latestday

0 Karma
Reply

Jegan
Engager
‎06-28-2020 08:15 PM

Got answer for the above?

0 Karma
Reply
Get Updates on the Splunk Community!

New Year, New Changes for Splunk Certifications

As we embrace a new year, we’re making a small but important update to the Splunk Certification ...

[Puzzles] Solve, Learn, Repeat: Unmerging HTML Tables

[Puzzles] Solve, Learn, Repeat: Unmerging HTML TablesFor a previous puzzle, I needed some sample data, and ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...