Splunk Search

How can I compare the results of the same search by a particular date or day of the week/month?

New Member

How can I compare the result by a particular week or date for this search?

sourcetype="rum" u=* |stats count,avg(t_done),max(t_done),min(t_done)  by u|sort - max(t_done)
0 Karma

Motivator

Hi
try this search code just add for example earliest=-3d@d latest=-0d@d

sourcetype="rum" u=* earliest=-3d@d latest=-0d@d|stats count,avg(t_done),max(t_done),min(t_done) by u|sort - max(t_done) 
0 Karma

Hi rck,

Try to run this if you want to get the specific data for the particular date;

sourcetype="rum" u=*|streamstats count,avg(t_done),max(t_done),min(t_done) by u|timechart span=w max(t_done)

This will displays you data for each week.

0 Karma

SplunkTrust
SplunkTrust

If you just want to list it based on dates , then use timechart

sourcetype="rum" u=* |timechart span=1d count,avg(t_done),max(t_done),min(t_done) by u

OR

sourcetype="rum" u=* |bucket span=1d _time|stats count,avg(t_done),max(t_done),min(t_done) by u,_time|sort - max(t_done)
0 Karma

New Member

how can i get the specific data for the particular date

0 Karma

New Member

i just want to retrieve the data for the date 11/02/1016,12/02/1016,13/02/1016.how can i specify this.

0 Karma

SplunkTrust
SplunkTrust

You can set the timerange or adjust the earliest and latest fields to your required date

0 Karma