Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to compare data by the same day of different weeks?

Julia1231
Communicator
‎09-26-2022 02:10 AM

Hi everyone,

I am searching data in Splunk, after different steps, I have now this table:

 

_time count Type
Mon Sep 12 00:00:00 2022 820 1
Mon Sep 12 00:00:00 2022 885 2
Tue Sep 13 00:00:00 2022 773 1
Tue Sep 13 00:00:00 2022 922 2
Wed Sep 14 00:00:00 2022 825 1
Wed Sep 14 00:00:00 2022 844 2
Thu Sep 15 00:00:00 2022 748 1
Thu Sep 15 00:00:00 2022 943 2
Fri Sep 16 00:00:00 2022 794 1
Fri Sep 16 00:00:00 2022 890 2
Sat Sep 17 00:00:00 2022 684 1
Sat Sep 17 00:00:00 2022 793 2
Sun Sep 18 00:00:00 2022 737 1
Sun Sep 18 00:00:00 2022 795 2
Mon Sep 19 00:00:00 2022 764 1
Mon Sep 19 00:00:00 2022 890 2
Tue Sep 20 00:00:00 2022 792 1
Tue Sep 20 00:00:00 2022 876 2
Wed Sep 21 00:00:00 2022 754 1
Wed Sep 21 00:00:00 2022 853 2
Thu Sep 22 00:00:00 2022 784 1
Thu Sep 22 00:00:00 2022 883 2
Fri Sep 23 00:00:00 2022 731 1
Fri Sep 23 00:00:00 2022 820 2
Sat Sep 24 00:00:00 2022 691 1
Sat Sep 24 00:00:00 2022 788 2
Sun Sep 25 00:00:00 2022 726 1
Sun Sep 25 00:00:00 2022 762 2
Mon Sep 26 00:00:00 2022 403 1
Mon Sep 26 00:00:00 2022 431 2

Actually there are more than 2 types but I just put here 2 for simplify.

For now I can view the trending of data for each type thanks to Trellis, by 7 days per week.

Julia1231_0-1664181615580.png


But I want to have another view to have data display by each type , compare the same day of different weeks. Something like this:

Julia1231_3-1664183301588.png

Do you have any idea please?

Thanks,

Julia

Labels (5)
Labels
Tags (1)
0 Karma
Reply

andrew_nelson
Communicator
‎09-26-2022 02:35 AM

Have a look at the  | timewrap function. I believe that should cover what you're looking for.

timewrap - Splunk Documentation

0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...