Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Help with timewrap Command

Shashank_87
Explorer
‎11-14-2019 09:07 AM

Hi, I am trying to show a comparison of traffic on my website for today, yesterday and last week. I am using below query for getting the results. My query is if i put that into a chart then on x-axis, i get time field which shows time for last 24 hours. So what does it mean exactly?
I mean does it show the 7 days before on this time, this was the traffic? I am not able to get the _time field understanding here.
Can someone help?

index=web_prod sourcetype=access_combined req_content="/" earliest=-8d@d latest=now
| timechart count span=1h
| timewrap d
| table _time 1day_before 7days_before latest_day

0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎06-28-2020 09:19 PM

The timewrap normalises all the time series on to the same time window, i.e. in your case the last 24 hours. It will create a new series for each of the days going back in time in your search time range

I think your field names are not quite right

| table _time 1day_before 7days_before latest_day

Missing '_' character in fields 

Reply

Jegan
Engager
‎06-28-2020 09:10 PM

This would work

index=webprod sourcetype=accesscombined reqcontent="/" | timechart count span=1h | timewrap d | table _time, _span, 1daybefore, 7daysbefore, latestday

0 Karma
Reply

Jegan
Engager
‎06-28-2020 08:15 PM

Got answer for the above?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...