Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I produce results with a span of 1 day and span for every 1st of the month?

Gowtham0809
New Member
‎01-28-2019 06:03 AM

I User the below search to identify the usage of disk for 1 day(Previous day).

earliest=-2d index="A" source="PerfmonMk:Free Disk Space" "%_Free_Space"="*" E | eval volume=Free_Megabytes/1024 | chart avg(volume) | rename avg(volume) as Volume1 | join type=left [search earliest=-1d index="A" source="PerfmonMk:Free Disk Space" "%_Free_Space"="*" E | eval volume=Free_Megabytes/1024 | chart avg(volume) | rename avg(volume) as Volume2]  | eval difference=(Volume1-Volume2)

I need to get this data on a daily basis to generate a monthly report.

Would someone help me in doing the same using the time span command?

Thanks,

Tags (3)
0 Karma
Reply

chrisyounger
SplunkTrust
SplunkTrust
‎01-28-2019 11:10 AM

Hi @Gowtham0809

Does this do what you are wanting:

earliest=-1mon@mon index="A" source="PerfmonMk:Free Disk Space" "%_Free_Space"="" E | eval volume=Free_Megabytes/1024 | timechart span=1d avg(volume) as volume

Hope this helps.

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...