Solved: Re: How to compare data between two business weeks...

Devi13 · ‎06-09-2023

Hello Team,

Could you please suggest on how to create an overlapping graph which compares this week's data and previous week's data excluding weekends.

Any help is very much appreciated.

My base search is very simple.
index=my index source=/.log '#search string#'
| time chart span=1h count(_raw) by host

ITWhisperer · ‎06-10-2023

Repeat the first two lines - timechart adds the times back in, but the good thing about it is that if there are any hours without any events, you still get zeroes for those hours. If you use chart or stats instead, the times without events don't appear at all.

View solution in original post

Devi13 · ‎06-10-2023

Greatt! Thank you so muchh for your help 🙂

ITWhisperer · ‎06-10-2023

| eval day= strftime(_time,"%w")
| where day > 0 AND day < 6
| timechart span=1h count by host
| timewrap 1w align=end

Devi13 · ‎06-10-2023

Hello,

Thank you so so much , it works like a charm.

But I still get weekends in the results, is there a way to exclude them?

ITWhisperer · ‎06-10-2023

Repeat the first two lines - timechart adds the times back in, but the good thing about it is that if there are any hours without any events, you still get zeroes for those hours. If you use chart or stats instead, the times without events don't appear at all.

How to compare data between two business weeks using time chart excluding weekends?

chart

timechart

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!