Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to add a column with date field in a chart

sfmandmdev
Path Finder
‎09-09-2010 06:32 PM

I have this query-

index=myIndex logRecordTypeX=1 
(logName="abc" OR logName="def" OR logName="ghi" OR logName="jkl" OR logName="mno") 
starttime="08/31/2010:00:00:00.000" endtime="08/31/2010:23:59:59.999" | fields logName, organizationId | eval logName=lower(logName) | chart count as pageViews over organizationId by logName limit=50 | addtotals fieldname=totalPageviews | sort –totalPageviews

I want to add another columns to my search results called Date ( it will display the same value in all rows- ie 8/31/2010). How can I do that?

Tags (1)
0 Karma
Reply

sfmandmdev
Path Finder
‎11-10-2010 08:23 PM

I finally used this as a workaround(ie appending date to one of the column values)

index=myIndex logRecordTypeX=1 (logName="abc" OR logName="def" OR logName="ghi" OR logName="jkl" OR logName="mno") starttime="08/31/2010:00:00:00.000" endtime="08/31/2010:23:59:59.999" | fields logName, organizationId,_time | eval Time=strftime(_time,"%m/%d") | eval NewOid = organizationId+" "+Time | chart count as pageViews over NewOid by logName limit=50

0 Karma
Reply

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎09-09-2010 06:48 PM

If you want to hardcode the date here, you can just add | eval Date = "8/31/2010" but I suppose you want to be more clever and have it be based on the search itself.

In that case you should add:

... | addinfo | eval Date = strftime(info_min_time, "%m/%d/%Y") | fields - info_*
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...